Updated 11 August 2023
We are delighted that you have chosen to visit our website. We take our data protection responsibilities with the utmost seriousness, and we have designed our website for navigation and use without having to provide Personal Data.
This Policy sets out what Personal Data we collect, how we process it, and how long we retain it. This Policy applies to all processing activities where we act as a data controller. In this policy, "we", "us" and "our" refer to Gnosis Pay Co Ltd, a company incorporated in England and Wales with its registered address at 12 New Fetter Lane, London, United Kingdom, EC4A 1JP. We operate the “gnosispay.com” website and the GnosisPay mobile application (“Services”). For more information about us, see the Contact Us section of this policy.
In this Policy, “personal data” means any information relating to you as an identified or identifiable natural person (“Data Subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an online identifier or to one or more factors specific to your physical, physiological, genetic, mental, economic, cultural or social identity.
If you are viewing this policy online, you can click on the below links to jump to the relevant section:
Blockchain technology, also known as distributed ledger technology (or simply ‘DLT’), is at the core of our business. Blockchains are decentralized and made up of digitally recorded data in a chain of packages called ‘blocks’. The manner in which these blocks are linked is chronological, meaning that the data is very difficult to alter once recorded. Since the ledger may be distributed all over the world (across several ‘nodes’ which usually replicate the ledger) this means there is no single person making decisions or otherwise administering the system (such as an operator of a cloud computing system), and that there is no centralized place where it is located either.
Blockchain records are ‘immutable’ by design, meaning they cannot be changed or deleted. Immutability can impact users’ ability to exercise rights such as rights to erasure (‘right to be forgotten’) or to object or restrict processing of personal data. Data on the blockchain cannot be erased and cannot be changed. Although smart contracts may be used to revoke certain access rights, and some content may be made invisible to others, it is not deleted.
In certain circumstances, in order to comply with our contractual obligations to you (such as delivery of tokens), it will be necessary to write certain personal data, such as your Ethereum or other cryptocurrency wallet address, onto the blockchain; this is done through a smart contract and requires you to execute such transactions using your wallet’s private key.
In most cases, the ultimate decisions to (i) transact on the blockchain using your Ethereum or other cryptocurrency wallet address, as well as (ii) share the public key relating to your Ethereum or other cryptocurrency wallet address with anyone (including us) rests with you.
We may collect and process Personal Data about your use of our website. This data may include:
This data may be processed in order to deliver the content of our website correctly, to optimize the content of our website to ensure the long-term viability of our information technology systems and website technology and to provide law enforcement authorities with the information necessary for criminal prosecution in case of a cyber-attack.
The legal basis for this processing is our legitimate business interests, namely monitoring and improving our website and the proper protection of our business against risks and your consent when agreeing to accept cookies
We may collect and process the Personal Data that you provide to us for the purpose of joining our waitlist. This data may include:
This data is collected and processed for the purpose of delivering our cards.
The legal basis for this processing is your consent as provided in the double opt-in confirmation part of joining our waitlist.
These data will be stored as long as we are required for legal purposes.
In this case, a partner service may ask you to provide personal data including but not limited to:
Name; billing address; shipping address; email address; place of birth; date of birth; identification document information, personal photo, biometric face scans, financial details, and company/workplace details; wallet address; payment information (including credit card number); phone number; username and password used for the Services; information about orders; and any other information you provide to us.
We may process any of your Personal Data where it is necessary to establish, exercise, or defend legal claims. The legal basis for this processing is our legitimate interests, namely the protection and assertion of our legal rights, your legal rights, and the legal rights of others.
Further, we may process your Personal Data where such processing is necessary in order for us to comply with a legal obligation to which we are subject. The legal basis for this processing is our legitimate interests, namely the protection and assertion of our legal rights.
We use Fractal as our KYC provider. In order to obtain a GnosisPay card, you will need to undertake KYC with Fractal.
During this process you may be required to provide the following categories of personal data to access. Your provision of this personal data is always voluntary, but if certain personal data is not provided you may not be able to use our service:
name, nationality, country of residence, address, IP address, wallet address, phone number, place of birth, date of birth, identification document information, personal photo, biometric face scans, financial details, and company/workplace details.
We use Zootools to help us collect the information for our waitlist.
We store this data collected by Zootools:
Country of residence
In order to provide user support we will use this email email@example.com.
Google Analytics is a web analytics service offered by Google that tracks and reports website traffic. Google uses the data collected to track and monitor the use of our Service. This data is shared with other Google services. Google may use the collected data to contextualise and personalise the ads of its own advertising network.
For more information on the privacy practices of Google, please visit the Google Privacy & Terms web page: https://policies.google.com/privacy
We may pass your information to our Business Partners, administration centres, third-party service providers, agents, subcontractors, and other associated organisations for the purposes of completing tasks and providing our services to you. In addition, when we use any other third-party service providers, we will disclose only the personal information that is necessary to deliver the service required and we will ensure, that they keep your information secure and not to use it for their own direct marketing purposes. In addition, we may transfer your personal information to a third party as part of a sale of some, or all, of our business and assets or as part of any business restructuring or reorganisation, or if we are under a duty to disclose or share your personal data in order to comply with any legal obligation. However, we will take steps to ensure that your privacy rights continue to be protected.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
You have the right to request:
You can also:
If you have any of these requests, get in contact firstname.lastname@example.org
You have the right to lodge a complaint with a relevant supervisory authority
If we have not responded to you within a reasonable time or if you feel that your complaint has not been resolved to your satisfaction, you are entitled to make a complaint to the Information Commissioner Office under the UK GDPR. You may contact the ICO on the below details:
We retain your information only for as long as is necessary for the purposes for which we process the information as set out in this policy. However, we may retain your Personal Data for a longer period of time where such retention is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.
We may make changes to this Policy from time to time. Where we do so, we will notify those who have a business relationship with us or who are subscribed to our mailing lists directly of the changes and change the ‘Last Updated’ date above. We encourage you to review the Policy whenever you access or use our website to stay informed about our information practices and the choices available to you. If you do not agree to the revised Policy, you should discontinue your use of this website.
When you use the Services, we may automatically collect certain information that your browser sends, including information about your computer's Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Services that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers, and other diagnostic data.
When you access the Services by or through a mobile device, we may automatically collect information such as the type of mobile device you use, your mobile device unique ID, the IP address of your mobile device, your mobile operating system, the type of mobile Internet browser you use, unique device identifiers and other diagnostic data.
Additionally, we collect information about the individual web pages or products that you view, what sites or search terms referred you to the Services, and information about how you interact with the Services. We refer to this type of data as “Tracking Cookies Data”.
We collect Device Information and Tracking Cookies Data using the following technologies:
Cookies are files with small amount of data which may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your device. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. For more information about cookies, and how to disable cookies, visithttp://www.allaboutcookies.org.
Two types of cookies may be used on the Website - "session cookies" and "persistent cookies".
Session cookies are temporary cookies that remain on your device until you leave the Services. A persistent cookie remains on your device for much longer or until you manually delete it (how long the cookie remains on your device will depend on the duration or "lifetime" of the specific cookie and your browser settings).
We collect “Necessary Cookies” and “Performance Cookies” which do not identify you as an individual.
Log files track actions occurring in the Services, and collect data including your IP address, browser type, Internet service provider, referring/exit pages, and date/time stamps.
“Web beacons”, “tags”, and “pixels” are electronic files used to record information about how you browse the Services.
Google Analytics is a web analytics service offered by Google Inc. that tracks and reports website traffic (such as navigation path, length of stay, returning or new user, end device). Google uses the data collected to track and monitor the use of our Services. This data is shared with other Google services. Google may use the collected data to contextualize and personalize the ads of its own advertising network. We do not use the information and personal data collected by Google Analytics to identify individuals unless we become aware of specific indications of illegal use. For more information on the privacy practices of Google, please visit the Google Privacy Terms web page:http://www.google.com/intl/en/policies/privacy/. We also encourage you to review the Google's policy for safeguarding your data:https://support.google.com/analytics/answer/6004245. You can also opt-out of Google Analytics here:https://tools.google.com/dlpage/gaoptout. By continuing to use our Services without opting out to Google Analytics, you are agreeing to the collection of data by Google Analytics.
Gnosis Pay Co Ltd.
12 New Fetter Lane
United Kingdom EC4A 1JP