We are bound by the Data Protection Act (the ‘Act’), Chapter 440 of the Laws of Malta. We will protect your personal information and respect your privacy in accordance with best business practices and applicable laws at all times.
For the purposes of the Act, the data controller is intimate.io Limited, a company existing under the laws of Malta, with company registration number C 86006 and having its registered address at Level G (Office 2/1017), Quantum House, Abate Rigord Street, Ta’ Xbiex XBX 1120, together with its parent company, subsidiaries and affiliates, (“Company”, “us”, and “intimate”).
Your privacy is very important to us. We understand you want to remain in control of your personal information and that we must earn and retain your trust.
‘personal data’ or ‘personal information’ means any information relating to an identified or identifiable natural person (also known as the ‘data subject’); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person
In short, personal information includes information that is attributable to a specific individual, such as name, address, telephone number, email address and payment details, as well as other information that may be used, alone or together with other data, to identify a person.
- Access to your personal data – We are happy to provide you with access to the personal information we process about you. However, we may need to verify your identity prior to doing so. We may ask you for proof of identity, as well as sufficient information about your interactions with us so that we can locate the relevant data. Please contact us on email@example.com to exercise your right in this manner.
- Rectification of your personal data – It is important that the personal data we hold about you is accurate and current. If at any time during the term of our business relationship you realise that certain data we hold about you is not accurate or up-to-date, we kindly ask you to contact us to correct such data. We may ask for further documentation from you to verify certain details, if this is necessary. Please contact us on firstname.lastname@example.org to exercise your right in this manner.
- Erasure of your personal data – As a data subject, you have a right to request the erasure of your personal data (the right to be forgotten). However, this right is not absolute, and so it may not always be possible for us to erase your data immediately as we are subject to certain legal obligations which may prevent us from doing so. We will always inform you when we are unable to process your request for such reasons. Please contact us on email@example.com to exercise your right in this manner.
- Restriction of processing your personal data – This means that you may ask us to suspend the processing of your personal data in the following situations: (a) if you want us to ensure the data’s accuracy, (b) where we are using your data unlawfully, but you do not wish for us to erase it, (c) where you need us to hold on to your data even when we no longer need it, as you may need it to establish, exercise, or defend legal claims, or (d) where you have objected to our use of your data, but we need to verify whether we have any overriding legitimate grounds to use it. Please contact us on firstname.lastname@example.org to exercise your right in this manner.
- Objection to process your personal data - Where we rely on our legitimate interest (or those of a third party) to process your personal data, and you wish to object to us processing your data on this ground as you feel it impacts on your fundamental right and freedoms, you may exercise your right to object to the processing. The right to object to processing may also be exercised where we are processing your data for direct marketing purposes. In some cases, we may be able to demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms. Please contact us on email@example.com to exercise your right in this manner.
- Right to data portability – You may request us to transfer your personal data to you or another third party. We will provide to you, or a third party of your choice, your personal data in a structured, commonly used, machine-readable format. This right only applies to automated information which you initially provided consent for us to use, or where we used the information to fulfil our obligations under our contract with you. Please contact us on firstname.lastname@example.org to exercise your right in this manner.
- Opting-out of receiving marketing and promotional material – Where we are relying on your consent to process such personal data, you may withdraw your consent at any time. However, ‘opting out’ or withdrawing your consent will not affect the lawfulness of any processing carried out before you withdraw your consent. Please contact us on email@example.com to exercise your right in this manner.
- Right to file a complaint with the Authorities – If you are not satisfied with the way we are managing your personal data, it is your right to make a complaint at any time to a data protection authority of your choice. We would, however, appreciate the chance to deal with any concerns you may have before you approach a Supervisory Authority. Kindly contact us on firstname.lastname@example.org with any concerns you may have, and we will do our utmost to address your concerns in a satisfactory manner.
What data do we process, and how do we use it?
In general, you do not need to provide us with any of your personal data when casually browsing the Website. The provision of personal information is requested and required only if and when you register with the Website. In order for you to participate in the ICO and use the ITM Tokens in the manner as prescribed in the Terms & Conditions, we may need to collect the following data:
In addition to the above purposes, we will use your personal data for the following purposes:
- To verify and administer your account – this includes ensuring that your payments are successful;
- To send you service emails – upon registration, we may send you an initial email to confirm your registration. We may also send you further emails if there are any changes to our Terms & Conditions, or if we need to contact you regarding your account. You cannot opt out of receiving such emails, however we can assure you that we will only send you such emails when absolutely necessary;
- Where you wish for us to do so; to send you promotional materials – as our customer, you may opt in at any time to receive updates from us that may be of interest to you via email. If you have opted in to receive marketing messages, we will use your personal data to keep you informed on current and forthcoming products, services, offers or promotions that may be of interest to you. You may opt out of receiving such communications at any time, either by unsubscribing through the link provided in the email communication, or through the opt out feature in your account settings found on the Website’s home page;
- Service providers – from time to time, we may share your personal data with third party service providers who are entrusted to perform certain data processing activities on our behalf (‘Data Processors’). Whenever we engage our Data Processors, we do our utmost to ensure that these Data Processors process your data in compliance with all data protection laws, and in a secure and confidential manner, following the best business practice standards. We currently use Data Processors to assist us with the following data processing activities:
- For Know Your Customer (‘KYC’) checks;
Transfers of Personal Data
Whenever we transfer your personal data out of the EEA, we ensure that a similar degree of protection is afforded to it by ensuring that at least one of the following safeguards is implemented:
(a) We will only transfer your personal data to countries that have been deemed to provide an adequate level of protection for personal data by the European Commission;
(b) Where we use certain service providers, we may use specific contracts approved by the European Commission which give personal data the same protection it has in Europe;
(c) Where we use providers based in the United States of America, we may transfer data to them if they are part of the Privacy Shield which requires them to provide similar protection to personal data shared between the European Union and the United States.
We do not trade your personal information to third parties for marketing purposes without your express consent.
How long do we keep your data?
We only retain your personal data for as long as is necessary for the purpose that we originally collected it for and as authorised by applicable laws. Where we are not bound by any law to retain your data for a specified period of time, we will retain such data for the whole duration of our business relationship, unless you exercise your right to erasure, in which case we are duty bound to erase your data.
We are committed to protecting our users’ information. Your password protects your user account, so you should use a unique and strong password, limit access to your computer and browser, and log out after having used the Website.
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need-to-know. They will only process your personal data on our instructions, and are subject to a duty of confidentiality.
While we take data protection precautions, no security measures are completely secure, and we cannot fully guarantee the security of user information.
You should be aware that in addition to the circumstances described above, we may disclose your financial or personal information if required to do so by law, court order, as requested by other government or law enforcement authority, or in the good faith belief that disclosure is otherwise necessary or when we have reason to believe that disclosing the information is necessary to identify, contact or bring legal action against someone who may be causing interference with our rights or properties, whether intentionally or otherwise, or when anyone else could be harmed by such activities.
All information you provide to us is stored on our secure servers located within the European Union. Any payment transactions are encrypted using SSL technology.