IF YOU ARE ACTING FOR A BUSINESS, ORGANIZATION, OR OTHER ENTITY AND HAVE SPECIFIC REQUIREMENTS WITH RESPECT TO PERSONAL DATA PROCESSING PLEASE ENSURE THAT ON ONE HAND YOU HAVE THE RIGHT, POWER AND AUTHORITY TO ACT ON BEHALF OF AND BIND THE ENTITY YOU REPRESENT. PLEASE DO NOT ACCESS OR OTHERWISE USE SOMMELIER.
1. Your Representations and Warranties
By accessing any of the websites above, and/or interacting with Sommelier in any manner, you represent and warrant that you:
(a) are at least eighteen (18) years of age. If you are under the age of eighteen (18), you may not, under any circumstances or for any reason, interact with Sommelier. Please report to email@example.com any instances involving interaction with Sommelier by individuals under the age of 18, should they come to your knowledge;
(b) understand that Sommelier, via third parties, may screen and monitor your wallet address for illicit activities and may record and link your wallet address to an IP address or other Personal Data you may provide as part of the interaction with Sommelier. Sommelier may integrate with a third party solution to monitor on-chain data to detect sanctions and AML risks, including whether an addresses are owned or associated with clearly illegal behavior like sanctions, terrorism financing, hacked or stolen funds, ransomware, human trafficking, and child sexual abuse material (CSAM). If Sommelier then receives a “risk” warning regarding your wallet address, you will automatically be blocked from further interactions with Sommelier. If you believe your wallet address has been blocked by mistake, you may contact firstname.lastname@example.org;
3. Sommelier Data Processing
As a decentralized platform and application, Sommelier would collect as little Personal Data from you as possible. However, the following types of data may be collected and processed:
● wallet (public) addresses, transactions, assets, and balance information (blockchain data) that is accessible when interacting with Sommelier.
Sommelier has a legitimate interest in collecting this data, such as the proper execution of any transactions and interactions within Sommelier, monitoring and improving Sommelier, protection against risks, etc. The data is also required for the proper performance of Sommelier and smart contract interactions. Note that we are not responsible for your use of any of the blockchain and your data processed in these decentralized and permissionless networks.
Personal Data Sommelier may collect:
● email address, your name, and any other Personal Data you provide to us when communicating with us. Such Personal Data is used only for communication with you;
● Personal Data you are asked to provide, and the reasons why you are asked to provide it, will be made clear to you at the point we ask you to provide your Personal Data;
● IP address, MAC address, log files, domain server, data related to usage, performance, website security, traffic patterns, location information, browser and device information – only when you are using Sommelier;
● Log Files. Sommelier follows a standard procedure of using log files. These files log visitors when they visit websites. All hosting companies do this and this kind of Personal Data may also be collected as a part of hosting services' analytics. The data collected by log files may include internet protocol (IP) addresses, browser type, Internet Service Provider (ISP), date and time stamp, referring/exit pages, and possibly the number of clicks. These kinds of data may be linked to data that is personally identifiable. The purpose of the data collection and processing is for analyzing trends, administering websites, tracking users' movement on websites, and gathering demographic information;
● Your name and address you provide to us when ordering our merch products, if applicable.
Sommelier may engage third-parties advertising platforms, which may collect Personal Data from visitors of the websites only with the purpose to optimize their advertising possibilities through their platforms, target you with their advertisements, and possibly share your data with other advertising platforms and agencies for further use.]
In no event we are going to ask you to share your private keys or wallet seed. Never trust anyone or any websites or emails asking for your private keys or wallet seeds.
How Sommelier uses Personal Data:
Sommelier will use Personal Data listed above only for:
● operational purposes, such as ensuring security, identifying irregular website behavior, preventing fraudulent activity and improving security at all possible levels;
● assessing and improving the performance of Sommelier;
● analyzing website visitors actions to improve Sommelier (see also the Section “Cookies and Automatically Collected Data”);
● analyzing patterns of behavior, including via Google Analytics and other service providers;
● delivering merch products if applicable;
● send you marketing, advertising, informational emails;
● find and prevent fraud.
For the avoidance of doubt, Sommelier may use Personal Data described above or any other Personal Data:
● where the Personal Data is required for Sommelier to operate;
● on the basis of legitimate interests to protect Sommelier, prevent any malicious and harmful activities, maintain technical systems healthy and secure, improve Sommelier operations by using aggregate statistics, etc.;
● to respond to any legal requests of authorities, provide information upon court orders and judgments, or if we have a good-faith belief that such disclosure is necessary under the applicable laws to cooperate with official investigations or legal proceedings, including but not limited to in response to subpoenas, search warrants, or court orders, and including other similar statutory obligations Bajanss or any of the data processors may be subjected to;
● on the basis of your consent; and
● on other legal bases as applicable under typical data protection laws.
Disclosure of Data:
Bajanss may disclose any Personal Data in connection with a merger, division, restructuring, or other association change, or to its subsidiaries and affiliates (if any) only if necessary for operational purposes.
If Bajanss must disclose any of your Personal Data in order to comply with official investigations or legal proceedings initiated by governmental and/or law enforcement officials, we may not be able to ensure that such recipients of your Personal Data will maintain the privacy or security of your Personal Data.
Data Retention Period
Sommelier and Bajanss will maintain Personal Data exclusively within the time needed to follow the prescribed herein legal purposes. When we no longer need Personal Data, the limitation period for storage of such Personal Data has expired, you have withdrawn your consent or objected to our or our processors’ legitimate interests, we will securely delete or destroy it unless the statutory requirements we, our processors or other controllers are subjected to stipulate otherwise. Aggregated data, which cannot directly identify a device/browser (or individual) and is used for purposes of reporting and analysis, will be maintained for as long as commercially necessary till you object to processing of such data or withdraw your consent. For the avoidance of doubt, you understand and acknowledge that your public wallet addresses and transactions records, minus any Personal Data, are part of the public blockchain records, visible via public blockchain explorers, and not something that Sommelier or Bajanss may delete and/or correct.
Sometimes legal requirements will oblige companies such as Bajanss to retain certain data, for specific purposes, for an extended period of time. Reasons Bajanss might retain some data for longer periods of time include:
● Security, fraud & abuse prevention;
● Financial monitoring and record-keeping;
● Complying with legal or regulatory requirements; and
● Ensuring the continuity of your interaction with Sommelier, if applicable.
You may contact us by email at email@example.com. Any Personal Data that you provide in an email to us, which you may give voluntarily, will only be used in order to answer your question or to reply to your email in the best possible manner, and will not be retained except as needed for compliance purposes, if applicable.
4. Cookies and Automatically Collected Data
Data automatically collected from cookies and web beacons may include information about your web browser (such as browser type and browser language) and details of your visits to the Sommelier websites, including traffic data, location data and logs, page views, length of visit, and website navigation paths, as well as information about your device and internet connection, including your IP address and how you interact with Sommelier. We collect this data in order to help us improve Sommelier and your interaction with Sommelier.
The information we collect automatically may also include statistical and performance information arising from your interactions with Sommelier. This type of data will only be used by us in an aggregated and pseudonymized manner.
At any time, you can choose to disable cookies through your individual browser options. To get more detailed information about cookie management with specific web browsers, please find it on the browsers' respective websites.
5. Your rights under GDPR
Data protection in Estonia is primarily governed by the General Data Protection Regulation (Regulation (EU) 2016/679) (“GDPR”) which has been implemented into Estonian law since 2019. Under GDPR, you have a number of privacy rights concerning the use, storage, and processing of your Personal Data (e.g., the right to delete your data). Please refer to the following rights as needed:
● Right of access – you have the right to request a copy of the data we hold about you.
● Right of rectification – you have the right to correct inaccurate or incomplete data about you. However, please note that public wallet addresses and transactions recorded on immutable public blockchain records are not within the definition of Personal Data we would be able to correct and/or rectify for you. Your blockchain activity is your responsibility.
● Right to be forgotten – you can request that the Personal Data that we hold about you be erased from our system and we will comply with this request unless we have a legitimate reason, legal requirement, and other statutory basis not to do so. Even if we can delete (erase) the Personal Data subjected to our active (ongoing) processing activities and cease its processing, we will nevertheless retain this particular Personal Data in our backup and archive storages to fulfill our statutory and other requirements. In addition, please note that public wallet addresses and transactions recorded on immutable public blockchain records are not within the definition of Personal Data we would be able to delete. Your blockchain activity is your responsibility.
● Right to restriction of processing – where certain conditions apply, you can ask us to ‘block’ the processing of your Personal Data.
● Right to data portability – you have the right to have the data we hold about you transferred to another organization and to receive Personal Data in a structured, commonly used format. Please contact firstname.lastname@example.org to find out whether we currently support the provision of the portable file containing Personal Data we process about you
● Right to object - you can object to the processing of your data by writing to email@example.com at any time for reasons that arise from your special situation provided the data processing is based on our legitimate interest or that of a third party, or where we carry out profiling, use machine learning or automated decision-making algorithms. In this case, we will no longer process your Personal Data. The latter does not apply if we are able to prove there are compelling, defensible reasons for the processing that outweigh your interests or we require your data to assert, exercise or defend legal claims. It also doesn’t apply to data which is on the public blockchain records which anyone can access and use for any purpose at any time.
● Right to withdraw consent - you have the right to withdraw the consent you gave us with regard to the processing of your Personal Data for certain purposes.
● Right to complain - you have the right to submit a complaint to the data privacy protection authorities responsible. You can send your complaints to the supervisory authority of your country of residence.
Please contact firstname.lastname@example.org with any questions about exercising any of the above rights. To learn more about GDPR generally, please access the website of the Estonian Data Protection Inspectorate here https://www.aki.ee/en/inspectorate/legislation.
6. Transfer of Personal Data
Transfers to third countries are subject to appropriate safeguards, i.e., Standard Contractual Clauses. More information on such safeguards may be obtained by you upon a prior written request sent to us, subject to your agreement to maintain confidentiality.
7. Data Integrity & Security of Processing
We take data security very seriously. The Personal Data you provide us will be protected from loss, misuse, or unauthorized access, via a variety of safeguards such as encryption, digital and physical access controls, non-disclosure agreements (NDAs), and other technical and organizational measures. However, no electronic transmission, storage, or processing of Personal Data cannot be entirely secure. We cannot guarantee that the security measures we have in place to safeguard Personal Data, or the security measures taken by data processors or third party service providers, will never be defeated or fail, or that those measures will always be sufficient or effective. Therefore, although we are committed to protecting your privacy, you should not expect that your Personal Data will always remain private or secure.
Most importantly, Sommelier is based on public blockchains intended to immutably record transactions across wide networks of computer systems located in many jurisdictions, and which are open to forensic analysis. This can lead to deanonymization and the unintentional revelation of Personal Data. Because blockchains are decentralized or third-party networks which are not controlled or operated by us, we are not able to erase, modify, or alter Personal Data from such networks.