Privacy Policy
Last Updated: April 2023
This Policy sets out what Personal Data we collect, how we process it and how long we retain it. This Policy applies to all of our processing activities where we act as a data controller or where we act as data controller on behalf of clients. In this policy, “we”, “us” and “our” refers to Nomev Labs, Lda and affiliates. For more information about us, see the “Our Details” section at the end of this policy.
In this Policy, “personal data” means any information relating to you as an identified or identifiable natural person (“Data Subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an online identifier or to one or more factors specific to your physical, physiological, genetic, mental, economic, cultural or social identity.
In this Policy, “processing” means any operation or set of operations which is performed on personal data (as defined in this Privacy Policy) or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
1. Your information and the Blockchain
Blockchain technology, also known as distributed ledger technology (or simply ‘DLT’), is at the core of the business of our clients. Blockchains are decentralised and made up of digitally recorded data in a chain of packages called ‘blocks’. The manner in which these blocks are linked is chronological, meaning that the data is very difficult to alter once recorded. Since the ledger may be distributed all over the world (across several ‘nodes’ which usually replicate the ledger), this means there is no single person making decisions or otherwise administering the system (such as an operator of a cloud computing system), and that there is no centralised place where it is located either.
Accordingly, by design, a blockchains records cannot be changed or deleted and is said to be ‘immutable’. This may affect your ability to exercise your rights such as your right to erasure (‘right to be forgotten’), or your rights to object or restrict processing of your personal data. Data on the blockchain cannot be erased and cannot be changed. Although smart contracts may be used to revoke certain access rights, and some content may be made invisible to others, it is not deleted.
In certain circumstances, it will be necessary to write certain personal data, such as your wallet address, onto the blockchain; this is done through a smart contract and requires you to execute such transactions using your wallet’s private key.
In most cases ultimate decisions to (i) transact on the blockchain using your wallet address, as well as (ii) share the public key relating to your wallet address with anyone (including us) rests with you.
IF YOU WANT TO ENSURE YOUR PRIVACY RIGHTS ARE NOT AFFECTED IN ANY WAY, YOU SHOULD NOT TRANSACT ON BLOCKCHAINS AS CERTAIN RIGHTS MAY NOT BE FULLY AVAILABLE OR EXERCISABLE BY YOU OR US DUE TO THE TECHNOLOGICAL INFRASTRUCTURE OF THE BLOCKCHAIN. IN PARTICULAR THE BLOCKCHAIN IS AVAILABLE TO THE PUBLIC AND ANY PERSONAL DATA SHARED ON THE BLOCKCHAIN WILL BECOME PUBLICLY AVAILABLE
2. How We Use Personal Data
When visiting our website or websites we host on behalf of clients
We may collect and process Personal Data about your use of our website or websites we host on behalf of clients. This data may include:
- The browser types and versions used;
- The operating system used by the accessing system;
- The website from which an accessing system reaches the website (so-called referrers);
- Behaviour: subpage, duration, and revisit;
- The date and time of access to the website, The Internet protocol address (“IP address”);
- The Internet service provider of the accessing system;
- session by device; and
- Any other similar data and information that may be used in the event of attacks on our information technology systems.
This data may be processed in order to deliver the content of our website or websites we host on behalf of clients correctly, to optimise the content of our website or websites we host on behalf of clients to ensure the long-term viability of our information technology systems and website technology, and to provide law enforcement authorities with the information necessary for criminal prosecution in case of a cyber-attack. The legal basis for this processing is the legitimate business interests, namely monitoring and improving our website or websites we host on behalf of clients and the proper protection against risks.
Participating in User Experience Research
When you participate in our user experience research - or user experience research we conduct on behalf of our clients - we may collect and process some personal data. This data may include:
- your name or pseudonym;
- your wallet address(es);
- your email address, Telegram handle or Twitter handle;
- your occupation;
- range of funds you transact with regularly;
- usage of tokens, blockchains, exchanges.
In addition, we may take a recording of you while testing the website or website we host on behalf of our clients for internal use. The basis for this collection and processing is our legitimate business interest or that of our clients in monitoring and improving our services. You are never required to share information you are not comfortable sharing.
The legal basis for this processing is your consent as provided before participating in user experience research.
Participating in our Bug Bounties and Challenges or those of our clients
When participating in bug bounties or challenges we may collect and process personal data. This data may include:
- your email address;
- your name;
- the data is used and processed in order to credit the participant the right payment for the reported bug.
When visiting our Twitter, Medium or other social media or those of our clients
We may collect and process Personal Data about your use of our Twitter, Medium or other social media. This data may include:
- clicks on a shortened URL;
- a history of referral URLs for clicks of a shortened URL; and
- a history of IP addresses used to access a shortened URL.
- This data is collected and processed for the purposes to track the success of the marketing campaigns, blog posts, and other marketing material; and for user demographics in order to identify target markets. This data is collected and processed for the purpose of improving the content of our shared links pursuant to our legitimate interests (or those of our clients). When visiting the mentioned services different data protection regulations apply, please familiarise yourself with their Privacy Policies.
Other uses of your Personal Data
We may process any of your Personal Data where it is necessary to establish, exercise, or defend legal claims. The legal basis for this process is our legitimate interests, namely the protection and assertion of our legal rights, your legal rights and the legal rights of others, including our clients.
Further, we may process your Personal data where such processing is necessary in order for us to comply with a legal obligation to which we are subject. The legal basis for this processing is our legitimate interests, namely the protection and assertion of our legal rights.
3. Use of Third Party Applications
Amazon Webserver
We may use the Amazon Web Server (AWS) to store log and database data. For further information and the applicable data protection provisions of AWS please visit https://aws.amazon.com/privacy/?nc1=f_pr
Blockchain
Refer to the Section “Your information and the Blockchain” above. Intents to trade submitted - if successful - will be stored on the blockchain and will be displayed permanently and public, this is part of the nature of the blockchain. If you are new to this field, we highly recommend informing yourself about blockchain technology before using the website.
Discord
We may use Discord for community management for our clients. For further information and the applicable data protection provisions of Discord please visit https://discord.com/privacy
Discourse
We may use Discourse for discussion. For further information and the applicable data protection provisions of Discourse please visit https://www.discourse.org/privacy
Google Workspace
We may use Google Workspace (Drive, Sheets etc.) for storing user interviews and other personal data. For further information and the applicable data protection provisions of Google Workspace please visit https://policies.google.com/privacy
Beaverbuild
MEV Blocker was jointly formulated with Beaverbuild to provide the RPC endpoint. An RPC (remote procedure call) endpoint is used to connect applications like wallets to the blockchain. For information on Beaverbuild, visit https://beaverbuild.org/
Agnostic Relay
MEV Blocker was jointly formulated with Agnostic Relay to provide the RPC endpoint. An RPC (remote procedure call) endpoint is used to connect applications like wallets to the blockchain. For information on Agnostic Relay, visit https://agnostic-relay.net/
CoW Protocol
MEV Blocker was jointly formulated with CoW Protocol to provide the RPC endpoint. An RPC (remote procedure call) endpoint is used to connect applications like wallets to the blockchain. For further information and the applicable data protection provisions please visit https://swap.cow.fi/#/privacy-policy
Support Channels
In order to provide user support on our behalf or on behalf of our clients, we will use different channels like Discord, Discourse, Github or Telegram to facilitate the resolution of any questions and concerns should these arise. By accepting this Privacy Policy, you are deemed to consent to providing the following Personal Data to persons looking to resolve any dispute:
- Name and surname;
- Detailed enquiry description;
- The date and time that the issue arose;
- The outcome sought.
Transmitting Social Media Links
When linking social media links, those services might also collect Personal Data. Please refer to their privacy policies for more information.
Vercel
We may use Vercel for optimising website development. For further information and the applicable data protection provisions of Vercel please visit https://vercel.com/legal/privacy-policy
4. Sharing Your Personal Data
We may pass your information to our clients, Business Partners, administration centres, third party service providers, agents, subcontractors and other associated organisations for the purposes of completing tasks and providing our services to you.
In addition, when we use any other third-party service providers, we will disclose only the personal information that is necessary to deliver the service required and we will ensure that they keep your information secure and not use it for their own direct marketing purposes.
In addition, we may transfer your personal information to a third party as part of a sale of some, or all, of our business and assets or as part of any business restructuring or reorganisation, or if we are under a duty to disclose or share your personal data in order to comply with any legal obligation. However, we will take steps to ensure that your privacy rights continue to be protected.
5. Data Security
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees (if applicable), agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality. Please note that intents to trade are publically accessible via the API/Explorer, SDK and may be stored on the Blockchain as per applicable paragraphs above.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
6. Your Rights as a Data Subject
You have certain rights under applicable legislation, and in particular under Regulation EU 2016/679 (General Data Protection Regulation or ‘GDPR’). We explain these below. You can find out more about the GDPR and your rights by accessing the European Commission’s website.
Right Information and access
You have a right to be informed about the processing of your personal data (and if you did not give it to us, information as to the source) and this Privacy Policy intends to provide the information. Of course, if you have any further questions you can contact us on the below details.
Right to rectification
You have the right to have any inaccurate personal information about you rectified and to have any incomplete personal information about you completed. You may also request that we restrict the processing of that information. The accuracy of your information is important to us. If you do not want us to use your Personal Information in the manner set out in this Privacy Policy, or need to advise us of any changes to your personal information, or would like any more information about the way in which we collect and use your Personal Information, please contact us at the above details.
Right to erasure (right to be ‘forgotten’)
You have the general right to request the erasure of your personal information in the following circumstances:
- the personal information is no longer necessary for the purpose for which it was collected;
- you withdraw your consent to consent based processing and no other legal justification for processing applies;
- you object to processing for direct marketing purposes;
- we unlawfully processed your personal information; and
- erasure is required to comply with a legal obligation that applies to us.
However, when interacting with the blockchain we may not be able to ensure that your personal data is deleted. This is because the blockchain is a public decentralised network and blockchain technology does not generally allow for data to be deleted and your right to erasure may not be able to be fully enforced. In these circumstances we will only be able to ensure that all personal data that is held by us is permanently deleted.
We will proceed to comply with an erasure request without delay unless continued retention is necessary for:
- Exercising the right of freedom of expression and information;
- Complying with a legal obligation under EU or other applicable law;
- The performance of a task carried out in the public interest;
- Archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes, under certain circumstances; and/or
- The establishment, exercise, or defence of legal claims.
You can exercise this right at any time by contacting us on the below details.
Right to restrict processing and right to object to processing
You have a right to restrict processing of your personal information, such as where:
- you contest the accuracy of the personal information;
- where processing is unlawful you may request, instead of requesting erasure, that we restrict the use of the unlawfully processed personal information;
- we no longer need to process your personal information but need to retain your information for the establishment, exercise, or defence of legal claims.
You also have the right to object to processing of your personal information under certain circumstances, such as where the processing is based on your consent and you withdraw that consent. This may impact the services we can provide and we will explain this to you if you decide to exercise this right.
Right to data portability
Where the legal basis for our processing is your consent or the processing is necessary for the performance of a contract to which you are party or in order to take steps at your request prior to entering into a contract, you have a right to receive the personal information you provided to us in a structured, commonly used and machine-readable format, or ask us to send it to another person.
Right to freedom from automated decision-making
We do not use automated decision-making, but where any automated decision-making takes place, you have the right in this case to express your point of view and to contest the decision, as well as request that decisions based on automated processing concerning you or significantly affecting you and based on your personal data are made by natural persons, not only by computers.
Right to object to direct marketing (‘opting out’)
You have a choice about whether or not you wish to receive information from us. We will not contact you for marketing purposes unless:
You have a business relationship with us or one of our clients, and we rely on our legitimate interests or that of our clients as the lawful basis for processing (as described above) you have otherwise given your prior consent.
You can change your marketing preferences at any time by contacting us. On each and every marketing communication, we will always provide the option for you to exercise your right to object to the processing of your personal data for marketing purposes (known as ‘opting-out’) by clicking on the ‘unsubscribe’ button on our marketing emails or choosing a similar opt-out option on any forms we use to collect your data. You may also opt-out at any time by contacting us on the below details. Please note that any administrative or service-related communications (to offer our services, or notify you of an update to this Privacy Policy or applicable terms of business, etc.) will solely be directed at our clients or business partners, and such communications generally do not offer an option to unsubscribe as they are necessary to provide the services requested. Therefore, please be aware that your ability to opt-out from receiving marketing and promotional materials does not change our right to contact you regarding your use of our website or websites we host on behalf of clients or as part of a contractual relationship we may have with you.
Right to request access
You also have a right to access information we hold about you. We are happy to provide you with details of your Personal Information that we hold or process. To protect your personal information, we follow set storage and disclosure procedures, which mean that we will require proof of identity from you prior to disclosing such information. You can exercise this right at any time by contacting us on the below details.
Right to withdraw consent
Where the legal basis for processing your personal information is your consent, you have the right to withdraw that consent at any time by contacting us on the below details.
Raising a complaint about how we have handled your personal data
If you wish to raise a complaint on how we have handled your personal data, you can contact us as set out below and we will then investigate the matter.
Right to complain with a relevant supervisory authority
If we have not responded to you within a reasonable time or if you feel that your complaint has not been resolved to your satisfaction, you are entitled to make a complaint to the Data Protection Commissioner under the Data Protection Act.
You may do so in the EU member state of your habitual residence, your place of work or the place of the alleged infringement. In Portugal, the supervisory authority is the:
CNPD - Comissão Nacional de Proteção de Dados
Av. D. Carlos I, 134, 1º
1200-651 Lisboa
T (+351) 213 928 400
F (+351) 213 976 832
geral@cnpd.pt
https://www.cnpd.pt/
You also have the right to lodge a complaint with the supervisory authority in the country of your habitual residence, place of work, or the place where you allege an infringement of one or more of our rights has taken place, if that is based in the EEA.
7. Storing Personal Data
We retain your information only for as long as is necessary for the purposes for which we process the information as set out in this policy. However, we may retain your Personal Data for a longer period of time where such retention is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.
8. Changes to This Privacy Policy
We may make changes to this Policy from time to time. Where we do so, we will notify those who have a business relationship with us or who are subscribed to our emailing lists directly of the changes, and change the ‘Last updated’ date above. We encourage you to review the Policy whenever you access or use our website or websites we host on behalf of clients to stay informed about information practices and the choices available to you. If you do not agree to the revised Policy, you should discontinue your use of this website.
9. Our Details
This website is hosted by Nomev Labs, Lda on behalf of a client. We are registered in Portugal under registration number PT516811924, and our registered office is located at Rua António Maria Cardoso, No 25, piso 4, 1200-027 Lisboa.
If you have any queries concerning your rights under this Privacy Policy, please contact us at legal@nomev.io