"Personal Data" - any information relating to a directly or indirectly defined, or identifiable individual.
"Processing of personal data" - any manual or automated action in relation to personal data, including: collection, receipt, recording, systematization, storage, clarification (updating, modification), extraction, use, transfer (distribution, provision, access), anonymization, blocking, deletion, destruction of personal data.
"Controller" is a legal entity of Caspian Technologies Pte. Ltd (hereinafter in the text - the Company, we, our), which independently determines the purposes and means of processing personal data when using the Spatium application (hereinafter - the Application).
"Spatium" is a mobile application (cryptocurrency wallet), using which you can have the ability to receive, send cryptoassets and access resources for their exchange, purchase, sale, as well as, get the ability to otherwise manage digital assets and cryptoassets.
This Policy applies only to the use of the Spatium application where this Policy is posted.
The Policy is applicable only in relations related to the use of the Application, and does not apply to data that comes from companies or other organizations. This Policy (together with our other documents) sets out the basis on which we process any personal data that we receive from you or that you provide to us.
We ask for your personal data that is adequate, appropriate and necessary for processing (data minimization principle).
Our policy focuses on personal information - information that identifies you or could reasonably be linked to information that identifies you. For example, when you use our app and services, we may collect personal information such as your name, IP address, address, phone number to fulfill your order or passport information to fulfill the services you ordered.
Your data is processed in a lawful, fair and transparent manner.
Employees of Our organization are responsible for ensuring compliance with this Policy. We require everyone who manages our customers' personal information to do so properly and in accordance with our policies and the provisions set forth in Regulation (EC) 2016/679 of the European Parliament and of the Council of 27 April 2016 ("General Data Protection Regulation" or "GDPR").
3. WHAT DATA WE PROCESS AND FOR WHAT PURPOSE.
By submitting your personal information, you consent to its processing in order for the Company to fulfill its obligations to you to enable you to use the Application, to keep it secure, to provide you with products and services, for example to fulfill your service requests, or to personalize our information-sharing relationships. We also use your personal information to support our services and business functions, such as fraud prevention, marketing (in terms of number of users and country of download) and legal functions.
If you have not performed a backup procedure, We do not guarantee the security of the use of our Application and the ability to use the functionality of the Application.
If We perform a backup procedure, We process two types of information:
- information we receive from you;
- information we receive from others, including services and automated programs.
You share information with us in various ways through our services and online. For example, you share information when you:
- Make a purchase/download of our App
- Creating an account in the App;
- Participate in our programs and promotions on social networks;
- Get in touch with us;
- Post a review or comment on one of our social media pages, write a review or other content on our website or mobile service;
When you take these actions, you may give us different types of personal information, such as:
- your name,
- your email address,
- physical or mailing address,
- telephone number,
- date of birth
- payment information
- information derived from the payment information,
- person's biometric data, which is processed by a neural network and converted by the server into a static preset depersonalized key.
2. We process technical information when you use our Application or Services. This may include information such as:
City ($ city) - The city of the sender event parse from the IP property or the latitude and longitude of the property. Refer to Geo Source ($geo_source) for more information.
Region ($region) - The region (state or province) of the event sender, parsed from the IP property or latitude and longitude properties. See Geo Source ($geo_source) for more information.
Country (mp_country_code) - The country of the event sender, parsed in the IP property or the Latitude and Longitude properties. See Geo Source ($geo_source) for more information.
Geo Source ($geo_source) is a method for specifying values for the Country, Region, and City properties. If the value is zero, the location properties were defined via the IP property ($ip). If "reverse_geocoding", the location properties were defined using the Latitude ($latitude) and Longitude ($longitude) properties.
Time Zone ($timezone) - The time zone of the event sender, parsed by IP.
Browser version ($browser_version) - Browser version number.
Browser ($browser) - Browser version number (not versioned).
Initial Referrer ($initial_referrer) - The referring URL on the first entry.
Initial Referring Domain ($initial_referring_domain) - The referring domain on the first arrival.
Operating System ($os) - The operating system of the event sender.
Last Seen ($last_seen) - The last time the user profile property was set or updated (should not be set manually).
Device Name ($device) - The name of the event sender's device, if it is on the mobile Internet.
iOS Device Model ($ios_device_model) - ID of the device model, in the format "iPad 3,4", etc.
iOS Version ($ios_version) - The current iOS version on the device.
Device ID ($device_id) - A unique string that identifies the user before the authentication or identification flow. By default, the Mixpanel client-side SDK packages generate $device_id for each unique browser or device. When using the client-side SDKs, $device_id is an event property that requires no additional work. $device_id does not change on the same device.
Account ID ($device_id) - account number in the Spatium application.
Application version ($app_version) - the version of the application that the user uses.
Backup biometric ($backup biometric) - whether the account access backup procedure was performed using the person's biometric parameters.
Backup paper ($backup paper) - whether the QR code was saved to restore access.
Currency balance ($BTC, ETH, etc.) - the balance of currencies in your account.
Some of the above information (but not only) that you provide to Us is obtained by Us through automated technologies (services) such as "Firebase" (https://firebase.google.com and https://analytics.google.com). When the application allows You to use its functions and features, as well as the collection and processing of information is carried out within the framework of these rules and in accordance with the rules of use and policies described in the links https://firebase.google.com/terms and https://policies.google.com/privacy,а also https://policies.google.com/privacy?hl=ru and https://policies.google.com/terms?hl=ru. You agree to these policies when you use the Application..
Here are some examples of the purposes for which data about you is used, but not limited to:
- To fulfill your requests for products and services and to communicate with you about those requests;
- To help us personalize our service offerings, mobile services and advertising;
- To send you information about our products, services and promotions;
- To respond to the feedback and comments you provide to us;
- To protect the security and integrity of our mobile services and our business;
- To execute an agreement to which the personal data subject is a party or a beneficiary or guarantor, as well as to conclude an agreement at the initiative of the personal data subject or an agreement under which the personal data subject will be a beneficiary or guarantor;
For this purpose, we combine personal and non-personal information collected online and offline, including information from third-party sources. The information you give us will only be processed with your consent to do so. It is given by you before you take these actions as described above.
3.1 Using the True depth API
The App is capable of using automatically collected information using the device's camera and the TrueDepth API provided by Apple
If you use the TrueDepth API, images from the camera can only be used to back up access to your account. No information collected by the TrueDepth API ever leaves the user's device. We do not share information with third parties, nor do we store or otherwise process data that we have accessed and used through the TrueDepth API. For more information about TrueDepth API technologies, you can visit https://support.apple.com/en-us/HT208108.
For this feature to be possible, the application requires access to your device's camera. This access can be enabled or disabled at any time in your device settings. Camera images and acquired depth data are used only for backup account access purposes. The live video stream is never used and its data is never stored locally or remotely. Access to the camera is necessary to retrieve depth data from the Apple API. This data is only stored on the device for the duration of your current session. Each time the home screen is displayed or the app is closed, the data is deleted.
4. WHAT DATA WE STORE AND FOR HOW LONG
We store your email for contacting you and identifying you in case of contacting us and regaining access to your account. We also store a static preset key on our servers to enable you to access your account. We also store the information set forth in Section 3. We keep all of this information for 10 years from the last time you visited the account because you can keep your assets in the account and you may need this information if something happens.
We destroy, or anonymize, personal data (i) when the purposes of processing have been achieved, (ii) when it is no longer necessary to achieve the purpose of processing, or (iii) upon request from the data subject within 30 calendar days.
After 10 years of inactivity of the account (last login), the last transaction We delete it. The inactivity check occurs each time you log in to the account, restore access, make a transaction using the Application.
5. RELATIONSHIPS RELATING TO THE TRANSFER OF PERSONAL INFORMATION
We will not sell or rent your personal information. We may transfer your personal information in limited circumstances, such as the conduct of our business, when required by law, or with your consent.
We will not transfer your personal information outside of our Company, except as follows:
1) If the maintenance and technical support of the Application will be performed by another organization that is committed to comply with this Policy just as We would.
2) When necessary to comply with legal requirements and to protect the Company and others.
We may share your personal information in other special circumstances, which include situations where sharing is required by law or We believe that sharing will help protect the safety, property or rights of Caspian Technology PTE Ltd., our customers, our employees or others. For example:
- Protecting the health or safety of users;
- Combating crimes committed against Company property or the organization that provides maintenance and technical support for the Application;
- Detecting and eliminating fraud or financial risks;
- Providing personal information to law enforcement agencies upon their written request;
- In response to a search warrant or other valid legal request;
- Responding to actions, requests, acts of investigative authorities in cases of breach of agreement or violation of law.
3) Business Transfers.
In the event of a merger, sale or reorganization of all or part of our business (including transfers made in bankruptcy proceedings), personal information about you may be transferred to the successor business. We will use reasonable and necessary measures to ensure that any successor business treats your information in accordance with this Policy.
4) With your consent.
At your request, we may transfer the information we process about you to the address you provide within a period of up to calendar 30 days. The exception is a static assignable key, as this information is secret and provides security against fraud or other misconduct against you and the Company. Under any circumstances other than those described above, we will ask for your consent before we transfer your personal information outside of our Company.
6. THE RIGHT OF THE DATA SUBJECT TO REFUSE TO PROVIDE DATA
If you contact us by e-mail or mail, be sure to include your full name and related contact information. For example, if you wish to opt out of mail, please provide your mailing address. It may take up to ten days to process your email requests and up to 30 calendar days to process your requests for telephone calls, text messages, and communications with your consent.
You may request and receive information about the applicable processing methods, personal data, the amount, timing of processing and storage and other data required by the Legislative Acts referred to above that apply to you based on your citizenship or location, or if you are stateless. In order to do this, you need to make a correct request and send it to e-mail: firstname.lastname@example.org or our telegram channel: t.me/spatiumwallet
Correct and official request is a request from the subject of personal data, which is sent from the mail used for registration in the application.
For government agencies and organizations, a correct and official request is a request sent to Us in the manner prescribed by the Laws of Singapore, which includes:
Name of the organization, date of the request, title of the person making the request, contents of the request with references and reasons why We are required to provide the data available to Us or take other action. Such request shall be deemed to be valid if it contains the above information and is sent in original hard copy to: CASPIAN TECHNOLOGIES PTE LTD (reg No 201727936N), Singapore, 20A Tanjong Pagar Road (088443).
7. OBTAINING YOUR PERSONAL INFORMATION, UPDATING IT AND REQUESTING TO DELETE IT
You have the option of obtaining a summary of the data that We have processed about You, as well as the data that We keep about You. We may also delete or anonymize personal information and all or part of your information at your request, so that you will not be able to use the App. All of this is available by sending an email to: email@example.com and complying with the Correctness and formality of the request as described in Section 6.
We provide you with various ways to access or update your personal information, including contact and account information. We also take reasonable steps to ensure that your personal information is accurate and complete.
You can access or update your personal information, including contact or account information, under "settings" in the App.
If you have created an account on one of our websites, log in to your account. Once you do, you can enter and update your own contact and payment information, as well as contact information for the recipients you specify.
Contact us in one of the ways listed in the Contact Us section. Please describe the information you wish to access and the changes you are requesting in your request. We will provide you with the requested personal information if it is reasonably available, unless it violates the privacy of others and is subject to reasonable restrictions imposed by law and internal procedures. Otherwise, we will describe the types of information we typically collect. We will grant access and make the changes you request, or provide an explanation of what action we can take with respect to the request.
If you wish to delete your account on the app, you must submit a written request to the Company's registered office or email firstname.lastname@example.org to do so. This action does not imply withdrawal of the Client's consent to the processing of his personal data, which occurs in the manner prescribed in paragraph 1 of this paragraph.
The Application User undertakes not to disclose to third parties the username and password used by him for identification in our websites and mobile applications where this Policy is posted. Also, the User undertakes to ensure due diligence in the storage and use of login and password (including, but not limited to: using licensed antivirus programs, using complex alphanumeric combinations when creating a password, not making available to third parties a computer or other equipment with the User's login and password entered on it, etc.) as well as authentication devices on websites and mobile applications.
If we have any suspicions or credible reports that your account has been used by a third party or malicious software, we will be forced to unilaterally change or reset your authentication credentials.
8. HOW WE PROTECT YOUR PERSONAL INFORMATION
We recognize the importance of keeping our users' personal information secure. We use reasonable security measures, including physical, administrative and technical security measures to protect your personal information.
We have employees who are responsible for ensuring the security of your information. If you make purchases on our websites or through our mobile services, we use reasonable security measures, including physical, administrative and technical security measures. These measures may include access controls or other physical security measures, information security technology and policies, and procedures to help ensure that information is properly deleted.
Here are some examples of security measures we use to protect your personal information:
A password is required to access your account. The password is up to you. Please keep this password secret.
An encryption technology called Secure Sockets Layer (SSL) helps protect personal information in certain areas of our App during transmission over the Internet. These guidelines may not be present in mobile services that use SSL.
We also use technologies such as: ECDSA, EDDSA, AES, Homomorphic encryption.
Our Partner "Svort, Inc." takes necessary technical and organizational measures to ensure security of biometric data processing. After the biometric data is processed it is converted into a static depersonalized digital key. If intruders get such a key, they will not be able to access the personal data, which includes only the stored e-mail address. This is so because the learning mode when logging into an account, or registering uses an artificial neural network which learns to transform a set of input images into a given user key, and images not belonging to the user into random "white noise" on each of the outputs of the artificial neural network. In the key reconstruction mode, the unit takes as input a set of vectors of biometric parameters and converts them into a biometric private key. When a biometric image of a previously registered user is fed to the input, a cryptographic key will be received at the output, and random "white noise" will be received for other images.
9. CHILD PRIVACY
Our Application is intended for a general audience and is not intended for children.
We recognize the importance of protecting the online privacy of children. The Company fully recognizes the importance of respecting the privacy of children, especially in an electronic communication environment. Our App is not intended for people under the age of 18. It is our policy never to knowingly collect or maintain information from anyone under the age of 18.
Please contact us if you believe we may have collected information from your child through our website by email: email@example.com or mobile app and we will try to remove it.
10. HOW WILL YOU KNOW IF THIS POLICY CHANGES?
This Policy is available to any subject of personal data.
We may also send you informational materials, posters, announcements in one of these ways, and you can unsubscribe from them at the service through which you will receive them.