Privacy Policy

Last updated: 1 May 2023

1. OVERVIEW – THE KEY INFORMATION YOU SHOULD BE AWARE OF

1.1 - WHO WE ARE

This Privacy Policy (“Privacy Policy”) describes how Enjin Pte. Ltd. may collect, use, disclose, process, and protect your information when you access Enjin’s online non-fungible token (NFT) marketplace, NFT.io (“NFT.io” or the “Website”) including the use of the current and future features and functionalities of the Website (collectively, “Services”). All references in this Privacy Policy to “Enjin”, “our”, “us” or “we” refer to Enjin Pte. Ltd., or our group companies, as appropriate.

Our values and what this policy is for:

This Privacy Policy governs the collection, storage and use of personal information by us when you access or use the Services. It provides you with details about the personal information we collect from you, how we use your personal information, and your rights regarding the personal information that we hold about you. Please read this Privacy Policy carefully.

We are always looking to improve the information we provide to our customers and so if you have any feedback on this Privacy Policy, please let us know by contacting our Data Protection Officer (“DPO”) whose details are set out at section 13 (Further questions and how to make a complaint) below.

1.2 - WHAT THIS POLICY CONTAINS

This Privacy Policy describes the following important topics relating to your information:

  • What personal information does Enjin collect from you?
  • What does Enjin do with this personal information and what is our legal basis for processing it?
  • What personal information is shared with or accessed by third parties?
  • Where we may transfer your information
  • How long we store your personal information
  • Your rights
  • Marketing
  • Children’s privacy
  • Risks and how we keep your personal information secure
  • Links to other websites
  • Changes to our privacy policy
  • Further questions and how to make a complaint

2 - WHAT PERSONAL INFORMATION DOES ENJIN COLLECT FROM YOU?

In this Privacy Policy, “personal information” means any personal information about you which could identify you (by itself or in combination with other data) such as your name, address, email address, wallet address, picture or an online identifier, such as a unique ID, or your Internet Protocol (or “IP”) address.

In relation to the use of the Services, we may collect limited information under sections 2.1 and 2.2. The collection of limited personal information can be through a number of different ways. In this section, we explain the different ways we collect personal information and the ways in which that information will be used. For more detail on how we use your data, please see section 3 (What does Enjin do with this data and what is our legal basis for processing this data?) below.

We will usually collect and store the following data about you when you access and use our Services:

2.1 - DATA YOU GIVE US DIRECTLY:

  • If you create an account on the Website, we may collect your first and last name, username, email address, telephone/mobile number, cryptocurrency wallet address, personal website URL, messaging application handles/usernames (e.g., Telegram, Discord, etc.), social media accounts, and other registration-related information (“Collected Data”);
  • If you execute any activity through the Website, we may collect the transaction information;
  • If you sign up for the Website, our newsletter, content offers, or specific mailing lists, we will collect your email address;
  • If you enter any competitions, contests, or giveaways, or complete any surveys on the Website, we will collect and store the data you submit to us, including any Collected Data;
  • If you participate in an NFT airdrop (giveaway), we may request your telephone/mobile number for the sole purpose of validation, and may store it in a hashed format for abuse prevention purposes;
  • If you contact us via our website or through email, raise a complaint, ask for technical support or report a problem with the Website, we will also collect information you provide to us (including your name and email address, as well as any content included in your message), as well as your IP address, device information, browser information, and any automatically generated diagnostic information that may assist in matching errors to a user.

2.2 - DATA WE COLLECT WHEN YOU USE OUR SERVICES:

This may include but is not limited to:

  • Public data or information accessible on the blockchain for any activity made through the Website;
  • The IP address used to connect your mobile device or computer to the Internet;
  • Data about your location, device type and model, operating system and version, and any applications, add-ons or extensions you are using in conjunction with the Website;
  • Data relating to your use of the Website, including but not limited to performance, frequency of usage, and crash logs and reports.

2.3 - DATA WE COLLECT FROM THIRD-PARTY COMPANIES

  • Data from companies that offer their products or services for use in conjunction with our Services or whose products or services may be linked from our Service (e.g., information shared to third-party providers or payment processors);
  • Analytics information provided by third party analytics services engaged to analyze how users use the Services;
  • Additional information we may require to comply with legal obligations.

Any data obtained through any of the above means may then be associated with other data you have previously provided to us.

We will sometimes use third party companies to help us collect this personal information. Further information is provided below in section 4 (What personal information is shared with or accessed by third parties?) below.

3 - WHAT DOES ENJIN DO WITH THIS PERSONAL INFORMATION AND WHAT IS OUR LEGAL BASIS FOR PROCESSING IT?

3.1 - USE OF PERSONAL INFORMATION WHICH IS NECESSARY TO PERFORM A CONTRACT

The personal information you provide is collected, stored and used to enable us to deliver, operate, improve, customize, and support the Services in the best way possible. This includes, but is not limited to:

  • providing you with a consistent and personalized service, for example, we may keep track of your preferences (such as your language selection, currency selection, preferred settings, etc.) and activities on the Website so that we may provide you with the correct versions of our services;
  • restricting customers from attempting to use the Services from a restricted territory or who are under-age and attempting to access inappropriate content in breach of our Terms of Service;
  • ensuring that you are complying with our Terms of Service when you use our Services and taking any necessary action if you are not complying with our Terms of Service;
  • providing you with any customer support you have requested; and
  • analyze and resolve disputes, errors, and troubleshoot problems.

The above uses of your personal information are necessary in order for us to provide the Services, and for you and other users to be able to use them, in accordance with our Terms of Service.

3.2 - USE OF PERSONAL INFORMATION WHICH IS NECESSARY FOR OUR LEGITIMATE INTERESTS

Sometimes, our use of your personal information is for purposes which are ancillary to the provision of the Services, or which are desirable in order to make it operate more effectively. In those circumstances, we believe we have a legitimate interest in handling your data, and do not believe that this storage and use of your data will be of particular concern to you.

We use your personal information for our legitimate interests in the following ways:

  • to detect and prevent fraud, hacking and/or other cyber-attacks (for example, we use automated decision making in relation to your IP address and/or user agent to ensure that you are not a bot and/or carrying out a malicious attack);
  • to keep the Website secure;
  • to provide, customize, and improve the Services which are available to you on the Website such as the creation, purchase, sale, or transfer of NFTs;
  • to improve the Website, for analysis and reporting purposes (this also includes using data to log any crashes in our provision of the Website, so we may report such interruptions) (and to do this, we may use a third party to assist us);
  • to understand your preferences and personalize your experience on the Website;
  • to detect and prevent any other harmful or unlawful activity;
  • to send you push notifications with service-related information for certain services offered on the Website or in relation to events selected by you within your account settings;
  • to help us manage advertising and provide you with advertising that is relevant to you, as further described in section 5 (Third party advertising companies) below;
  • to respond and provide correct and efficient customer support and assistance to your queries and requests;
  • to record your preferences in relation to advertising and marketing communications;
  • to comply with applicable laws and regulations and other requests by competent authorities; and
  • to act in any other way that we may describe when you provide your Personal Information.

3.3 – PERSONAL INFORMATION WE USE WITH YOUR CONSENT

If you have opted in for marketing communications, we will collect, store and use your email address, as well as data relating to your use of the Website or the Services, in order to provide marketing for the Website that we believe may be of interest to you (see below for details of our marketing communications). We also use your data to offer you other services which we think may be of interest to you, by email, push notification, or on the Website itself, where you have chosen to opt-in to such communications in your account settings.

You can opt-out at any point by clicking “Unsubscribe” in any email communication you receive, or through the account settings page, which means you will no longer receive these marketing messages. Additionally, the withdrawal of your consent may however result in certain consequences. For example, in certain cases, we may not be able to provide you with certain services on the Website.

3.4 – ANONYMOUS DATA

We will also collect anonymized details about the use of the Services for the purposes of creating aggregate statistics or reporting. However, no single individual will be identifiable from the anonymized details we collect for these purposes. We may share this aggregated information about our user base with our partners and advertisers.

4 – WHAT PERSONAL INFORMATION IS SHARED WITH OR ACCESSED BY THIRD PARTIES?

We may share your personal information with various third parties (including our affiliate companies in other countries) as follows:

  • We use third parties to help us manage your information and the Website, such as our IT service providers, cloud service providers, data analytics providers, customer service software, and support ticketing providers. These are companies who are authorized to process data on our behalf only as necessary to provide the relevant services to us and cannot use it for their own independent purposes;
  • We may share your data with third-party providers or payment processors to complete any purchases on the Website. As may be necessary, these third-party payment processors may also ask us to share your data with them to confirm the nature of any payment transaction and to verify your identity and payment details;
  • We share your personal information with companies that assist us with our marketing activities where you have opted-in for such communications; and
  • We or our third-party partners may disclose your personal information where we are required or permitted to do so by law or to protect or enforce our rights or the rights of any third party. We may also share your data with third parties to prevent fraud, abusive or unlawful behavior or to demonstrate our compliance with other terms or laws.

Any third parties with whom we share your personal information are limited (by law and by contract) in their ability to use your personal information for any purpose other than to provide services for us. We will always take reasonable steps to ensure that any third parties with whom we share your personal information are subject to privacy and security obligations consistent with this Privacy Policy and applicable laws.

To the extent available to us, we will also disclose your personal information to third parties where it is in our legitimate interests to do so to run, grow and develop our business, such as:

  • if we sell or buy any business or assets, we may disclose your personal information to the prospective seller or buyer of such business or assets;
  • if substantially all of our or any of our affiliates’ assets are acquired by a third party, in which case personal information held by us will be one of the transferred assets;
  • if we are under a duty to disclose or share your personal information in order to comply with any legal obligation, any lawful request from government or law enforcement officials and as may be required to meet national security or law enforcement requirements or prevent illegal activity;
  • in order to enforce or apply our Terms of Service or any other agreement or terms of use, to respond to any claims, to protect our rights or the rights of a third party, to protect the safety of any person or to prevent any illegal activity; or
  • to protect the rights, property or safety of Enjin, our staff, our customers, or other persons. This may include exchanging personal information with other organizations for the purposes of fraud protection.

We may also disclose and use anonymized, aggregated reporting and statistics about users of our Services or our goods and services for the purpose of internal reporting or reporting to our group or other third parties, and for our marketing and promotion purposes. None of these anonymised, aggregated reports or statistics will enable our users to be personally identified.

Save as expressly detailed above, we will never share, sell or rent any of your personal information to any third party without notifying you and, where necessary, obtaining your consent. If you have given your consent for us to use your personal information in a particular way, but later change your mind, you should contact us and we will stop doing so.

5 - THIRD PARTY ADVERTISING COMPANIES

We want to make sure that our advertising and marketing are relevant and interesting to you and our other users.

To achieve this, we use third-party advertising and technology companies to serve ads and/or provide aggregated data to assist in serving ads when you visit or use the Website. This includes third party technology companies which collect data about you in order to build a profile of your preferences based on your activities when you visit or use the Website. We also use these companies to automatically collect data from you when you use the Website in order to help us identify the ads that are served to you and what you do after seeing those ads. In addition, we share data with providers of web analytics tools, such as Google Analytics, Heap, and AppsFlyer, which we use to analyze your use of the Website. You are encouraged to review their privacy policy and contact them directly for responses to your questions.

These third party advertising companies collect, store and use data by integrating cookies and other tracking software on the Website. The relevant data collected by these third parties may include website activity (for example, how long you are accessing our website and which specific pages you have looked at), IP addresses, and geolocation information. Data which you provide to Enjin when using the Website may also be captured by these third parties.

In some cases these third parties will also use the data that they collect for their own purposes, for example they may aggregate your data with other data they hold and use this to inform advertising related services provided to other clients.

Please see our Cookies Policy for more information on the third party advertising companies which collect, use and store data about you, the use of cookies and other tracking technologies on our Services and how you can amend your cookies setting in your browser settings.

6 - WHERE WE MAY TRANSFER YOUR PERSONAL INFORMATION

6.1 - STORAGE LOCATIONS

We engage the services of a cloud storage provider in providing the Website and the Services. This means that the personal information we collect from you might be used, stored and/or accessed by our staff, members of our group, or suppliers outside of Singapore, such as in the European Economic Area (“EEA”), the USA, Canada, Asia Pacific, and other locations where our provider has servers. Further details on to whom your personal information may be disclosed are set out in section 4 (What personal information is shared with or accessed by third parties?).

6.2 - PRIVACY PERTAINING TO YOUR PERSONAL INFORMATION STORED OUTSIDE OF THE EEA

Where we transfer any personal information about you to any location outside the EEA, we will take appropriate measures to ensure that the recipient protects your personal information adequately in accordance with this Privacy Policy. These measures may include the following permitted in Articles 45 and 46 of the EU’s General Data Protection Regulation:

  • in the case of USA based entities, entering into European Commission approved standard contractual arrangements with them;
  • in the case of Canada based entities, relying on the European Commission’s determination that Canadian law provides adequate protection for such personal information; and
  • in the case of entities based in other countries outside the EEA, entering into European Commission approved standard contractual arrangements with them.

6.3 - COMPLIANCE WITH THE PERSONAL DATA PROTECTION ACT 2012

In relation to personal information collected in Singapore, we will only transfer personal information outside Singapore in accordance with the Personal Data Protection Act 2012 (“PDPA”) of Singapore. Further, you agree, acknowledge and consent that your personal information (and such other personal information which you provide to us) may be stored or processed in any country where we have operations or where we engage service providers. We may transfer personal information outside Singapore to countries which may have data protection rules that are different from those of Singapore. However, we shall take measures to ensure that any such transfers comply with the PDPA, and such personal information remains protected to the standards described in this Privacy Policy. In certain circumstances, courts, law enforcement agencies, regulatory agencies or security authorities in those other countries may be entitled to access the personal information.

6.4 - HOW TO REQUEST ADDITIONAL DETAILS ON THE STEPS WE TAKE TO PROTECT YOUR PERSONAL INFORMATION

Further details on the steps we take to protect your personal information are available from us on request by contacting our DPO, whose details are set out at section 13 (Further questions and how to make a complaint), at any time.

7 - HOW LONG WE STORE YOUR PERSONAL INFORMATION

7.1 - PERSONAL INFORMATION RETENTION PERIOD

We keep your personal information for no longer than necessary for the purposes for which the personal information is processed. The length of time for which we retain personal information depends on the purposes for which we collect and use it and/or as required to comply with applicable laws and to establish, exercise or defend our legal rights.

7.2 - REMOVING YOUR PERSONAL INFORMATION FROM THE SERVICES

If you wish to remove your personal information from the Website (except for your IP address and logs tracked), you can close your account at any time. However, please note that even if you delete your account, we may still retain some personal information to comply with our obligations under laws or regulations.

8** - YOUR RIGHTS**

8.1 - GENERAL INFORMATION ON THE EXERCISE OF YOUR RIGHTS

In relation to the use of the Wallets, we generally do not collect and store personal information, except for the limited information under sections 2.1 and 2.2. You have certain rights in relation to your personal information. If you are located in the European Union, please refer to section 8.2 for information relating to your rights. If you are located outside the European Union, please refer to section 8.3 for information relating to your rights.

If you would like further information in relation to these or would like to exercise any of them, please contact our DPO, whose details are set out at section 14 (Further questions and how to make a complaint), at any time.

We will consider all such requests and provide our response within a reasonable period (and in any event within one (1) month of your request unless we tell you we are entitled to a longer period under applicable law). Please note, however, that (i) we require proof of identity before responding to any requests to exercise your rights and (ii) certain personal information may be exempt from such requests in certain circumstances, for example if we need to keep using the information to comply with our own legal obligations or to establish, exercise or defend legal claims.

If an exception applies, we will tell you this when responding to your request. We may request that you provide us with information necessary to confirm your identity before responding to any request you make.

8.2 - INDIVIDUALS LOCATED WITHIN THE EUROPEAN UNION

If you are located in the European Union, you have the following rights:

  • Right of access - You have a right of access to any personal information we hold about you. You can ask us for a copy of your personal information; request confirmation as to whether your personal information is being used by us; details about how and why it is being used; and details of the safeguards which are in place if we transfer your information outside of the EEA.
  • Right to update your information - You have a right to request an update to any of your personal information which is out of date or incorrect.
  • Right to delete your information - You have a right to ask us to delete any personal information which we are holding about you in certain specific circumstances. You can ask us for further information on these specific circumstances by contacting us using the details in section 13 (Further questions and how to make a complaint).
    We will pass your request onto other recipients of your personal information unless that is impossible or involves disproportionate effort. You can ask us who the recipients are, using the contact details in section 13 (Further questions and how to make a complaint).
  • Right to restrict use of your information - You have a right to ask us to restrict the way that we process your personal information in certain specific circumstances. You can ask us for further information on these specific circumstances by contacting us using the details in section 13 (Further questions and how to make a complaint).
    We will pass your request onto other recipients of your personal information unless that is impossible or involves disproportionate effort. You can ask us who the recipients are using the contact details in section 13 (Further questions and how to make a complaint).
  • Right to stop marketing - You have a right to ask us to stop using your personal information for direct marketing purposes. If you exercise this right, we will stop using your personal information for this purpose.
  • Right to data portability - You have a right to ask us to provide your personal information to a third party provider of services. This right only applies where we use your personal information on the basis of your consent or performance of a contract; and where our use of your information is carried out by automated means.
  • Right to object - You have a right to ask us to consider any valid objections which you have to our use of your personal information where we process your personal information on the basis of our or another person’s legitimate interest.

8.3 - INDIVIDUALS LOCATED OUTSIDE THE EUROPEAN UNION

If you are not located in the European Union, you have the following rights:

  • Right of access - You have a right of access (subject to various exceptions and in accordance with data protection legislation in your country) to any personal information we hold about you. You can ask us for a copy of your personal information; confirmation as to whether your personal information is being used by us; details about how and why it is being used; and details of the safeguards which are in place when we handle your information.
    Where permitted by law, we reserve the right to charge reasonable administrative fee to cover the costs of responding to your request. If we decide to do so, we will provide you with a written estimate of such fee beforehand.
  • Right to update your information - You have a right to request an update to any of your personal information which is out of date or incorrect.
  • Right to stop marketing - You have a right to ask us to stop using your personal information for direct marketing purposes. If you exercise this right, we will stop using your personal information for this purpose.

9 - MARKETING

9.1 - PERSONAL INFORMATION USED FOR MARKETING

We also collect and use your personal information for undertaking marketing by email. We may send you certain marketing communications (including electronic marketing communications) if you have chosen to opt-in.

9.2 - CONSENT FOR MARKETING COMMUNICATIONS

We will always obtain your consent to send you direct marketing communications where we are required to do so by law and if we intend to disclose your personal information to any third party for such marketing.

9.3 - HOW TO OPT-OUT OF MARKETING COMMUNICATIONS

If you wish to stop receiving marketing communications, you can choose to opt-out of receiving messages from us or the Website by following directions on the bottom of the email message you receive.

10 - CHILDREN’S PRIVACY

10.1 - INFORMATION COLLECTION

Enjin recognizes the importance of children’s safety and privacy on the Internet. For this reason, and in compliance with certain laws, we do not intentionally collect personal information from children, nor do we offer any content targeted to children. We do not collect information relating to the age of individuals using our Services and, therefore, we recommend parents and guardians of children using our Services regularly clear their browser cache and/or browsing history to clear cookies.

11 - RISKS AND HOW WE KEEP YOUR PERSONAL INFORMATION SECURE

11.1 - RISK IDENTIFICATION

The main risk of our processing of your personal information is if it is lost, stolen or misused. This could lead to your personal information being in the hands of someone else who may use it fraudulently or make public information that you would prefer to keep private.

11.2 - RISK MITIGATION

For this reason, Enjin is committed to protecting the personal information that has been provided to us from loss, theft and misuse. We take all reasonable precautions to safeguard the confidentiality of your personal information, including through use of appropriate organizational and technical measures. We secure your personal information via TLS, and use a secure service to prevent unauthorized access to data. Data is protected by encryption and secured through access control lists, security keys / tokens, IP whitelisting and by the use of username / password access. Enjin also carries out access audits of its staff in order to detect any unauthorized access.

11.3 - TRANSMISSION SECURITY

In the course of provision of your personal information to us, your personal information may be transferred over the internet. Although we make every effort to protect the personal information which you provide to us, the transmission of information over the internet is not completely secure. As such, you acknowledge and accept that we cannot guarantee the security of your personal information transmitted from the Website and that any such transmission is at your own risk. Once we have received your personal information, we will use strict procedures and security features to prevent unauthorized access to it.

11.4 - YOUR RESPONSIBILITY

Where you have chosen a password which enables you to access your account on the Website, you are responsible for keeping this password confidential. We require that you do not share your passwords with anyone else. You are likewise responsible for the security of your digital wallet (whether you use the Enjin Wallet or a third-party wallet). You must take the necessary measures to ensure that your digital wallet remains secure at all times. If you have issues with your wallet or a payment, please contact the relevant third-party wallet provider or payment processor.

12 - LINKS TO OTHER WEBSITES

12.1 - HYPERLINKS TO THIRD PARTIES & EXTENT OF OUR PRIVACY POLICY

The Website may contain hyperlinks to websites that are not operated by us but by third parties. These hyperlinks are provided for your reference and convenience only and do not imply any endorsement of the activities of such third-party websites or any association with their operators. These third-party hyperlinks could potentially be user-generated in nature, as when a URL is embedded into an NFT or collection. When you click on these hyperlinks, you become subject to the third party’s privacy practices. This Privacy Policy only applies to the personal information that we collect or which we receive from third party sources, and we cannot be responsible for personal information about you that is collected and stored by third parties.

12.2 - THIRD PARTY CONDITIONS/POLICIES

Third party websites have their own terms and conditions and privacy policies, and you should read these carefully before you submit any personal information to these websites. We do not endorse or otherwise accept any responsibility or liability for the content of such third party websites or third party terms and conditions or policies.

13 - CHANGES TO OUR PRIVACY POLICY

Because of the evolving nature of technologies and the way we conduct business, we may update our Privacy Policy from time to time. Any changes we make to our Privacy Policy in the future will be posted on this page. You can determine when the policy was last updated by looking at the “Updated” date at the top and bottom of this policy. If there are material and substantial changes to the policy, we will note as such through a prominent notice on our Wallets. Please check back frequently to see any updates or changes to our Privacy Policy.

14 - FURTHER QUESTIONS AND HOW TO MAKE A COMPLAINT

14.1 - SUBMITTING A QUERY OR COMPLAINT TO ENJIN

If you have any queries or complaints about our collection, use or storage of your personal information, or if you wish to exercise any of your rights in relation to your personal information, please contact our DPO, Oscar Franklin Tan, at privacy@enjin.io. We will investigate and attempt to resolve any such complaint or dispute regarding the use or disclosure of your personal information.

14.2 - SUBMITTING A COMPLAINT UNDER THE EU’S GENERAL DATA PROTECTION REGULATION

If you are an EU citizen, you may also make a complaint to the relevant data protection regulator under the EU’s General Data Protection Regulation.

The practices described in this Privacy Policy are current as of 1st May 2023.