Updated 14 March 2024
​

We are delighted that you have chosen to visit our website. We take our data protection responsibilities with the utmost seriousness, and we have designed our website for navigation and use without having to provide Personal Data.

This Policy sets out what Personal Data we collect, how we process it, and how long we retain it. This Policy applies to all processing activities where we act as a data controller. In this policy, "we", "us" and "our" refer to Gnosis Pay Co Ltd, a company incorporated in England and Wales with its registered address at 12 New Fetter Lane, London, United Kingdom, EC4A 1JP. We operate the “gnosispay.com” website and the GnosisPay mobile application (“Services”). For more information about us, see the “Our Details” section of this policy.

In this Policy, “personal data” means any information relating to you as an identified or identifiable natural person (“Data Subject”); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an online identifier or to one or more factors specific to your physical, physiological, genetic, mental, economic, cultural or social identity.

In this Policy, “processing” means any operation or set of operations which is performed on personal data (as defined in this Privacy Policy) or on sets of personal data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.

Blockchain technology, also known as distributed ledger technology (or simply ‘DLT’), is at the core of our business. Blockchains are decentralized and made up of digitally recorded data in a chain of packages called ‘blocks’. The manner in which these blocks are linked is chronological, meaning that the data is very difficult to alter once recorded. Since the ledger may be distributed all over the world (across several ‘nodes’ which usually replicate the ledger) this means there is no single person making decisions or otherwise administering the system (such as an operator of a cloud computing system), and that there is no centralized place where it is located either.

Blockchain records are ‘immutable’ by design, meaning they cannot be changed or deleted. Immutability can impact users’ ability to exercise rights such as rights to erasure (‘right to be forgotten’) or to object or restrict processing of personal data. Data on the blockchain cannot be erased and cannot be changed. Although smart contracts may be used to revoke certain access rights, and some content may be made invisible to others, it is not deleted.

In certain circumstances, in order to comply with our contractual obligations to you (such as delivery of tokens), it will be necessary to write certain personal data, such as your Ethereum or other cryptocurrency wallet address, onto the blockchain; this is done through a smart contract and requires you to execute such transactions using your wallet’s private key.

In most cases, the ultimate decisions to (i) transact on the blockchain using your Ethereum or other cryptocurrency wallet address, as well as (ii) share the public key relating to your Ethereum or other cryptocurrency wallet address with anyone (including us) rests with you.

We may collect and process Personal Data about your use of our website. This data may include:

This data may be processed in order to deliver the content of our website correctly, to optimize the content of our website to ensure the long-term viability of our information technology systems and website technology and to provide law enforcement authorities with the information necessary for criminal prosecution in case of a cyber-attack.

The legal basis for this processing is our legitimate business interests, namely monitoring and improving our website and the proper protection of our business against risks and your consent when agreeing to accept cookies

We may collect and process the Personal Data that you provide to us for the purpose of joining our waitlist. This data may include:

This data is collected and processed for the purpose of delivering our cards.

The legal basis for this processing is your consent as provided in the double opt-in confirmation part of joining out waitlist.

These data will be stored as long as we are required for legal purposes.

In this case, a partner service may ask you to provide personal data including but not limited to:

Name; billing address; shipping address; email address; place of birth; date of birth; identification document information, personal photo, biometric face scans, financial details, and company/workplace details; wallet address; payment information (including credit card number); phone number; username and password used for the Services; information about orders; and any other information you provide to us.

We may process any of your Personal Data where it is necessary to establish, exercise, or defend legal claims. The legal basis for this processing is our legitimate interests, namely the protection and assertion of our legal rights, your legal rights, and the legal rights of others.

Further, we may process your Personal Data where such processing is necessary in order for us to comply with a legal obligation to which we are subject. The legal basis for this processing is our legitimate interests, namely the protection and assertion of our legal rights.

In order to obtain a GnosisPay card, you will need to undertake KYC with Fractal ID as our KYC service provider (“KYC Provider”), and the KYC Provider will need to store your personal data to support us in meeting our ongoing legal and compliance obligations.

During this process you may be required to provide the following categories of personal data to access. Your provision of this personal data is always voluntary, but if certain personal data is not provided you may not be able to use our service:

name, nationality, country of residence, address, IP address, wallet address, phone number, place of birth, date of birth, identification documents (including, without limitation, proof of residence address, and passport or other proof of identity), personal photo, biometric face scans, financial details, and company/workplace details.

Your provision of this personal data is always voluntary and you may request the KYC Provider to delete this personal data at any time. However, insofar as we require the KYC Provider’s services to support us in meeting our ongoing legal and compliance obligations, if certain personal data is no longer stored and processed by the KYC Provider, you may no longer be able to use our Services.

Fractal’s privacy policy is available here.

We use Zootools to help us collect the information for our waitlist.

We store this data collected by Zootools:

EOA address

Country of residence

Name

Email

Zootools’ privacy policy is available herehttps://zootools.co/legal/privacy

In order to provide user support we will use this email address [email protected].

By accepting this Privacy Policy, you are deemed to consent to providing the following Personal Data to persons looking to resolve any dispute:

Google Analytics is a web analytics service offered by Google that tracks and reports website traffic. Google uses the data collected to track and monitor the use of our Service. This data is shared with other Google services. Google may use the collected data to contextualise and personalise the ads of its own advertising network.

You can opt-out of having made your activity on the Service available to Google Analytics by installing the Google Analytics opt-out browser add-on. The add-on prevents the Google Analytics JavaScript (ga.js, analytics.js and dc.js) from sharing information with Google Analytics about visits activity.

For more information on the privacy practices of Google, please visit the Google Privacy & Terms web page: https://policies.google.com/privacy

We use Spindl as an analytics tool.

For more information on the privacy practices of Spindl, please visit their Privacy Policy herehttps://www.spindl.xyz/privacy-policy

We use Segment as a source of analytics. This helps us analyse customer data and create customised marketing strategies for higher engagement.

For more information on the privacy practices of Segment , please visit their Privacy Policy here https://www.twilio.com/en-us/privacy

We may pass your information to our Business Partners, administration centres, third-party service providers, agents, subcontractors, and other associated organisations for the purposes of completing tasks and providing our services to you. In addition, when we use any other third-party service providers, we will disclose only the personal information that is necessary to deliver the service required and we will ensure, that they keep your information secure and not to use it for their own direct marketing purposes. In addition, we may transfer your personal information to a third party as part of a sale of some, or all, of our business and assets or as part of any business restructuring or reorganisation, or if we are under a duty to disclose or share your personal data in order to comply with any legal obligation. However, we will take steps to ensure that your privacy rights continue to be protected.

We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, or accessed in an unauthorised way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.

We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

You have the right to request:

You can also:

If you have any of these requests, get in contact with [email protected]

You have the right to lodge a complaint with a relevant supervisory authority.

If we have not responded to you within a reasonable time or if you feel that your complaint has not been resolved to your satisfaction, you are entitled to make a complaint to the Information Commissioner Office under the UK GDPR. You may contact the ICO on the below details:

https://ico.org.uk/global/contact-us/

We retain your information only for as long as is necessary for the purposes for which we process the information as set out in this policy. However, we may retain your Personal Data for a longer period of time where such retention is necessary for compliance with a legal obligation to which we are subject, or in order to protect your vital interests or the vital interests of another natural person.

We may make changes to this Policy from time to time. Where we do so, we will notify those who have a business relationship with us or who are subscribed to our mailing lists directly of the changes and change the ‘Last Updated’ date above. We encourage you to review the Policy whenever you access or use our website to stay informed about our information practices and the choices available to you. If you do not agree to the revised Policy, you should discontinue your use of this website.
​

When you use the Services, we may automatically collect certain information that your browser sends, including information about your computer's Internet Protocol address (e.g. IP address), browser type, browser version, the pages of our Services that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers, and other diagnostic data.

When you access the Services by or through a mobile device, we may automatically collect information such as the type of mobile device you use, your mobile device unique ID, the IP address of your mobile device, your mobile operating system, the type of mobile Internet browser you use, unique device identifiers and other diagnostic data.

Additionally, we collect information about the individual web pages or products that you view, what sites or search terms referred you to the Services, and information about how you interact with the Services. We refer to this type of data as “Tracking Cookies Data”.

We collect Device Information and Tracking Cookies Data using the following technologies:

Cookies are files with small amount of data which may include an anonymous unique identifier. Cookies are sent to your browser from a website and stored on your device. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. For more information about cookies, and how to disable cookies, visit http://www.allaboutcookies.org.

Two types of cookies may be used on the Website - "session cookies" and "persistent cookies".

Session cookies are temporary cookies that remain on your device until you leave the Services. A persistent cookie remains on your device for much longer or until you manually delete it (how long the cookie remains on your device will depend on the duration or "lifetime" of the specific cookie and your browser settings).

We collect “Necessary Cookies” and “Performance Cookies” which do not identify you as an individual.

If you do not agree to our use of Cookies, you should set your browser settings accordingly or not use our Services. By continuing to use our Services without changing your settings, you are agreeing to our use of Cookies and the terms with regard to Cookies of this Privacy Policy.

Log files track actions occurring in the Services, and collect data including your IP address, browser type, Internet service provider, referring/exit pages, and date/time stamps.

“Web beacons”, “tags”, and “pixels” are electronic files used to record information about how you browse the Services.

Google Analytics is a web analytics service offered by Google Inc. that tracks and reports website traffic (such as navigation path, length of stay, returning or new user, end device). Google uses the data collected to track and monitor the use of our Services. This data is shared with other Google services. Google may use the collected data to contextualize and personalize the ads of its own advertising network. We do not use the information and personal data collected by Google Analytics to identify individuals unless we become aware of specific indications of illegal use. For more information on the privacy practices of Google, please visit the Google Privacy Terms web page:http://www.google.com/intl/en/policies/privacy/. We also encourage you to review the Google's policy for safeguarding your data: https://support.google.com/analytics/answer/6004245. You can also opt-out of Google Analytics here: https://tools.google.com/dlpage/gaoptout. By continuing to use our Services without opting out to Google Analytics, you are agreeing to the collection of data by Google Analytics.

Gnosis Pay Co Ltd.

12 New Fetter Lane

London

United Kingdom EC4A 1JP

If you have any queries concerning your rights under this Privacy Policy, please contact us at [email protected]