Information About Us
The SecretNFT is owned and operated by Capsule Corp, a simplified joint stock company (Société par actions simplifiée - SAS) under French law registered with the Bayonne Trade and Companies Register under the number 882 163 413, with its registered address located at Centre International d'Affaires 24 Boulevard Marcel Dassault 64200 Biarritz, France.
What Is Personal Data?
Personal data is defined by the General Data Protection Regulation (EU Regulation 2016/679) (the “GDPR”) and the French Law No 78-17 of 6 January 1978 (collectively, “the Data Protection Legislation”) as ‘any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier’.
Personal data is, in simpler terms, any information about you that enables you to be identified. Personal data covers obvious information such as your name, address, phone number and other contact details, but it also covers less obvious information such as identification numbers, electronic location data, and other online identifiers.
Personal Data We Collect
Subject to the following, we do not collect any personal data from you:
- a) SecretNFT collects certain information automatically, including your IP address, the type of browser you are using, and certain other non-personal data about your computer or device such as your operating system type or version, and display resolution when you visit our Website.
- b) You may want to keep in touch with us for getting updates and news about our services. We ask you to provide your email address in order for us to be able to keep you updated about any new features, changes in our services, and any other news.
- c) We operate social media pages where you can get in touch with us either by directly messaging us or mentioning us in your posts. In such a case, we would see the data (including any personal data) you have decided to share with us. Depending on the medium, the personal information we might get about you could include, for example, your name, email address, where you work, job title or anything else.
Rights of Data Subjects
Under the Data Protection Legislation, you have the following rights, which we will always work to uphold:
- The right to have your personal data rectified if any of your personal data held by us is inaccurate or incomplete. Please contact us using the link in section “How to contact us” to find out more.
- The right to be forgotten, i.e. the right to ask us to delete or otherwise dispose of any of your personal data that we hold. Please contact us using the link in section “How to contact us” to find out more.
- The right to restrict (i.e. prevent) the processing of your personal data.
- The right to object to us using your personal data for a particular purpose or purposes.
- The right to withdraw consent. This means that, if we are relying on your consent as the legal basis for using your personal data, you are free to withdraw that consent at any time.
- The right to data portability. This means that, if you have provided personal data to us directly, we are using it with your consent or for the performance of a contract, and that data is processed using automated means, you can ask us for a copy of that personal data to re-use with another service or business in many cases.
- Rights relating to automated decision-making and profiling. We do not use your personal data in this way.
It is important that your personal data is kept accurate and up-to-date. If any of the personal data we hold about you changes, please keep us informed as long as we have that data.
Further information about your rights can also be obtained from the French Data Protection Authority - CNIL (Commission Nationale de l'Informatique et des Libertés). If you have any cause for complaint about our use of your personal data, you have the right to lodge a complaint with the CNIL. We would, however, welcome the opportunity to resolve your concerns ourselves. That is why we encourage you to contact us first, using the link in section “How to contact us”.
Data Subject Access Requests
We encourage you to submit any data subject access requests in writing and send to us via the link shown in section “How to contact us”. There is not normally any charge for a subject access request. If your request is ‘manifestly unfounded or excessive’ (for example, if you make repetitive requests) a fee may be charged to cover our administrative costs in responding.
We will respond to your subject access request within 15 days and, in any case, not more than one month after receiving it. Normally, we aim to provide a complete response, including a copy of your personal data within that time. In some cases, however, particularly if your request is more complex, more time may be required up to a maximum of three months from the date we receive your request. You will be kept fully informed of our progress.
Lawful Basis of Processing
The Data Protection Legislation requires us to have a valid and lawful legal basis for processing personal data. We rely on several legal basis to process your personal data such as (i) your consent (GDPR Article 6.1(a)), (ii) performance of a contract, where processing is necessary in order to enter into a contract, including electronic contracts, to provide any services and to perform any contractual obligations (GDPR Article 6.1(b)), (iii) legal obligation we have under applicable law, in situations such as when there is express legal requirement for us to process your data or based on a court order, or to exercise or defend legal claims (GDPR Article 6.1(c)), or (iv) our legitimate interests which could include to run, grow, develop and deliver our services, enhance the security of our network and information systems, and enhance, modify, or otherwise improve our services and communications (GDPR Article 6.1(f)).
How We Use Your Personal Data?
Where we collect any personal data, it will be processed and stored securely, for no longer than is necessary in light of the reasons for which it was first collected. We will comply with our obligations and safeguard your rights under the Data Protection Legislation at all times.
We will process your personal data in order to get back to you in order to answer your questions or feedback which we assume is the reason why you contact us using our email address, or social media pages.
The reason for collecting technical data (including cookies) as referred to above is necessary for the technical operation of SecretNFT and will not normally be used in any way to personally identify you and give you a better user experience on SecretNFT.
We will not share any of your personal data with any third parties for any purposes other than storage of an email and/or web hosting server. We are relying on third-party service providers for these services. We make sure that these service providers are hosting your personal data within the a (the “EEA”) which is considered a requirement under the GDPR.
How and Where Do We Store Your Data?
We will only store your personal data within the European Economic Area (“EEA”). The EEA consists of all EU member states, plus Norway, Iceland, and Liechtenstein. This means that your personal data will be fully protected under the Data Protection Legislation, the GDPR, and/or to equivalent standards by law.
We try our best not to transfer any personal data outside of the EEA. However, given the global nature of the blockchain technology, we may need to engage third-parties which are located outside the EEA. This would mean the transfer of personal data to “third countries” as referred to under the Data Protection Legislation. If this scenario ever occurs, we will take additional steps in order to ensure that your personal data is treated just as safely and securely as it would be within the EEA and under the Data Protection Legislation as follows: (i) we will only transfer your personal data to third countries whose levels of data protection are deemed ‘adequate’ by the European Commission (more information is available from the European Commission), or if this does not apply (ii) we will rely on standard contractual clauses approved by the EU Commission.
Do We Share Your Personal Data?
We will not share any of your personal data with any third parties for any purposes, subject to the following exceptions:
- From time to time, we may use third party service providers which we may share your personal data with. In such a scenario we would ensure that these service providers do not make use of your personal data for any secondary purposes other than our instructions.
- In some limited circumstances, we may be legally required to share certain personal data, which might include yours, if we are involved in legal proceedings or complying with legal obligations, a court order, or the instructions of a government authority.
How to Contact Us?
If you have any questions we would be happy to answer them. Do not hesitate to contact us for any inquiries you might have via this link.