DatawalletDatawallet

Datawallet's Privacy Policy

Last modified: March 18, 2020

This Privacy Policy describes how we use, disclose, and protect the data we collect when you use our products and services.

Overview.

Datawallet obtains Personal Data from various sources to provide our various services and products:

  1. Datawallet's Website (namely www.datawallet.com) provides information to website-visitors interested in Datawallet. With respect to our Website:

    • We collect Personal Data directly from visitors when they provide it, such as when they fill out a form.
    • We use cookies.
  2. Datawallet offers a browser plugin product to any individual who wishes to control their data (henceforth "Personal Datawallet"). With respect to an individual's Personal Datawallet:

    • We collect and process the individual's email address for account creation and authentication.
    • When an individual requests to provide their data to a Party—and only in that situation—Datawallet processes the data to securely transfer the data they selected to the Party they selected.
    • The plugin performs all other processing on the individuals own machine, outside of the scope of Datawallet's organization and servers.
  3. Datawallet offers a product to help businesses ("Clients") become compliant with US and European privacy laws, such as the CCPA and the GDPR, called "Datawallet Consumer First Compliance" (henceforth "Datawallet Compliance"). We act as a service provider to our Clients. With respect to Datawallet Compliance:

    • We collect and process a Client's Personal Data to provide them with an account, communicate with them, and to enhance our services.
    • With respect to the data of the Consumers of our Clients, we act as a data-processor. Consumers who wish to exercise their GDPR rights, such as the right to access, erasure or correction, are advised to submit these requests to the Client with whom they have a relationship, who acts as the Controller of their personal data.
    • We only collect and process a Consumer's Personal Data to enable the secure transfer of information from the Consumer to the Client, or from the Client to the Consumer, usually in the context of a data subject request.
    • We auto-delete all Consumer Personal Data seven days after a completed transaction between a Consumer and a Client. Metadata stripped of Personal Data and is then kept for compliance record keeping.

Key definitions.

"Anonymous Data" means information that does not, and cannot be used to identify a single individual.

"Consumer" refers to consumers of businesses using Datawallet Compliance ("Clients"). Datawallet acts as a processor of this Consumer data, the Client is the data-controller.

"Client" refers to the businesses using Datawallet Compliance to ensure their compliance with the relevant privacy laws.

"Cookies" are pieces of information that a website transfers to your computer's hard disk for record-keeping purposes. Cookies are uniquely assigned to your browser, and can only be read by a web server in the domain that issued the cookie to you. Cookies cannot be used to run programs or deliver viruses to your computer. To learn more about cookies and web beacons, visit www.allaboutcookies.org.

"Datawallet" "we" and "us" refer to Datawallet, Inc., which is located at 511 Ave of the Americas, Unit #967, New York, NY 10011 and Pnyks GmbH, located at Christinenstraße 19a, 10119 Berlin. You can contact us via email at business@datawallet.com

"Datawallet Compliance" refers to the software tool that Datawallet makes available to businesses ("Clients") to help them comply with the relevant privacy laws, such as GDPR and CCPA. Clients can use Datawallet Compliance to allow their Consumers to exercise their data rights with respect to that Client.

"Party" refers to any recipient of the Consumer's data (other than the same Consumer), including Datawallet, Clients, and any other person or institution.

"Personal Datawallet" refers to the secure digital wallet that is made available directly to Individuals here, where the Individuals can store their data from various services (e.g. Facebook, Amazon, Linkeden, etc.).

"Personal Data" means information that can be used to identify any individual, whether alone or in combination with other information.

"Website" means the websites that we offer, namely www.datawallet.com and its pages.

Datawallet as a processor: Consumers of Clients using Datawallet Compliance.

Businesses ("Clients") can use Datawallet Compliance to allow their consumers to exercise their data rights. We act as a service provider to our Clients, and handle the data of their Consumers as a data processor. To exercise any of the data rights granted under any applicable privacy laws, Consumers should direct their requests at the Client. At Datawallet we are unable to respond to such data-requests.

Below follows a description of how we handle the data of the Consumers of our Clients, because we believe that Consumers deserve to understand how their personal data is being processed.

When the Consumer submits a Data Subject Request (DSR) to a Client—such as a request to delete their Personal Data or a request to opt out of the sale of their Personal Data—we may collect Personal Data that the Client requires to verify the Consumer's identity.

We may collect:

  • Consumer's full name (First, Last, Middle)
  • Consumer's email address(es)
  • Consumer's phone number(s)

Additionally, when the Consumer submits a request for a copy of their Personal Data from a Client, the Client can use our services to securely transfer the requested data file to the Consumer.

This Personal Data is encrypted and stored on our secure servers; the submitted Personal Data is auto-deleted seven days after a completed request-transaction between the Client and the Consumer. Metadata is kept for compliance record keeping. For this secure transfer process, wee may—for a limited time—collect any and all types of the Consumer's Personal Data; it is wholly dependent on what the Client collects.

Consumer access to Datawallet Compliance is created without the use of any Personal Data. Datawallet does not have access to the account-credentials that a Consumer may use with the Client.

Further sections do not apply to Consumers as defined above.

What kinds of Personal Data do we collect from where?

The kinds of Personal Data we collect will depend on which of our products or services you use: be it Datawallet Compliance (as a Client or as a Consumer), Personal Datawallet, or our Website. Datawallet acts as a data-controller with respect to the personal data of Clients using Datawallet Compliance, individuals using a Personal Datawallet, and website visitors accessing the Website. This and later sections will only focus on the data of these audiences.

With respect to the Personal Data of Consumers of our Clients using Datawallet Compliance, we act as a service provider to our Client, and as a data processor for the data about Consumers of our Clients. For more information about how we handle this Consumer-data, see the above section (Datawallet as a processor: Consumers of Clients using Datawallet Compliance).

Clients who use Datawallet Compliance.

Directly from you, or from your employer or co-workers, we may collect your Personal Data in order to provide you access to your Datawallet Compliance accounts, as well as to provide support for the product you are using.

We may collect:

  • Your full name (First, Last, Middle)
  • Your email address(es)
  • Your phone number(s)

Individuals who use a Personal Datawallet.

Directly from you, we collect your email address in order to create your Personal Datawallet account, as your email address is used as your account ID. Related, when you need to log into your account, we will re-collect your email address.

After the personal Datawallet is created, individuals can add their information from third party platforms (such as your Facebook, Amazon, or LinkedIn account information), and some of that information will likely be Personal Data. We do not store any of this third party data within our systems, but in the case of a Platform error we may log an individuals device information to help us troubleshoot.

The Personal Datawallet will only process this data at the individual's direction, and only for the following purposes:

  • To locally parse, encrypt, and then store the data within an individual's Personal Datawallet.
  • To delete a set of data from the individual's Personal Datawallet.
  • To share a clearly-defined subset of data within an individual's Personal Datawallet with another Party.

For a full list of the categories of Personal Data an individual may upload to their Datawallet, please refer to the list below.

  • Behavior Data, such as browser history, music streaming history, and search histories.
  • Communication Data, such as posts, comments, messages, and emails.
  • Demographic Data, such as age, gender, and address location.
  • Device Data, such as browser information, operating system, and IP address
  • Identity Data, such as ethnicity, lifestyle, and beliefs.
  • Interests Data, such as likes, groups, venues, playlists, and bookmarks.
  • Professional Data, such as job and education history, income range and history, job search history, and preferences.
  • Social Network, such as your friends, family, contacts, and co-workers.
  • Transactional Data, such as Amazon order history, Facebook payments, and Facebook Marketplace activity.

Visitors who use our Website

Directly from you, we collect your Personal Data in order to provide you marketing materials and sales support.

We may collect:

  • Your full name (First, Last)
  • Your email address(es)
  • Your phone number(s)
  • Your Company's name
  • Your Job Title
  • Any Personal Data you include in your custom message to us

Depending on your cookie settings, we may also collect information about you via the cookies you allow. However, this information is not Personal Data by itself, although we may combine it with the Personal Data you directly provide us. For more information about how we use Cookies and your choices, please see the section Our Cookie Policy.

How do we use Personal Data?

We do not sell anyone's Personal Data.

We do not and will not sell Personal Data. We will only use Personal Data for our own business purposes. The exact ways in which we use your data is explained in more detail below.

Clients who use Datawallet Compliance.

We may use your Personal Data to:

  • Provide you access to your Datawallet Compliance accounts.
  • Provide support for the Datawallet Compliance product you are using.

Our legal basis for processing your data is to perform our obligations under a contract with you, our Client (for example, to comply with any terms you or your employer has agreed to as a part of the Datawallet Terms of Service or to offer Customer Service.)

We may also use your Personal data if necessary to defend our legal rights or comply with a legal obligation.

When signing up to use Datawallet Compliance, we ask the user to read and consent to the most current version of the Privacy Policy. Therefore, we may use your Personal Data with your consent, as required by and in accordance with applicable law.

Individuals who use a Personal Datawallet.

For individuals who use a Personal Datawallet, we use your email address to help manage access to your account, and to provide you with customer support.

Our legal basis for processing this data is to perform our obligations under a contract with you (for example, to comply with any terms you have agreed to as part of your Personal Datawallet account) and to further our and your legitimate interests, such as offering customer service, improving your experience, and performing direct marketing.

The information that you add to your Personal Datawallet is only used at your direction. All of the data in the personal Datawallet is stored locally on the hard drive of the Individual's device via their browser, and we do not use, control, or have access to the data in the individual's Datawallet for our own purposes. If we need to use the Personal Data in a Datawallet for any purpose, we will take steps to obtain the Individual's explicit consent.

In the case of any errors with the Personal Datawallet service, we may log an individual's device information to help us troubleshoot the issue. The legal basis for this processing is to further our legitimate interests or the legitimate interest of others, for instance to allow us to improve your experience, perform quality control and prevent fraud.

We may also use your Personal data if necessary to defend our legal rights or comply with a legal obligation.

When signing up to use the Personal Datawallet, we ask you to read and consent to the most current version of the Privacy Policy. We may use your Personal Data when we have your consent, as required by and in accordance with applicable law.

Individuals who use our Website.

We use the other Personal Data we collect directly from you to

  • Communicate with you. We use the information you provide us to send you educational, marketing, sales, and support communications. We also use your information to respond to you when you contact us. The legal basis for this data-usage is to operate in our legitimate interests or the legitimate interests of others, for instance to offer customer service, perform direct marketing activities or to improve your experience.

We use the Anonymous Data we collect from cookies to

  • Troubleshoot and develop our Website. We use your information to understand how people use our Website, ensure a smooth experience of our Website, and to fix problems when they pop up. The legal basis for this processing is to further our legitimate interests or the legitimate interest of others, for instance to allow us to improve your experience, perform quality control and prevent security issues or fraud.

How do we share Personal Data?

We do not and will not sell Personal Data.

In addition to the purposes described in the section How do we use Personal Data?, we may share your Personal Data with others in the following ways:

  • With our service providers. We may share Personal Data with service providers who help support our business, products, and services. We use the following types of service providers: bug tracking; cloud server and storage services; usage analytics services. Your personal information is also shared with our email and marketing service providers when you contact us via email or via one of our online forms.
  • To comply with law. We may share Personal Data when we believe it is necessary to comply with laws applicable to us, including court orders, legal processes, and responding to government or regulatory requests.
  • To enforce our rights and the rights of others. We may share Personal Data with third parties: (i) to enforce or apply our Terms of Service, terms of sale, or other agreements with you; or (ii) when we believe disclosure is necessary or appropriate to protect the rights, property, or safety of Datawallet, our customers, or others.
  • In the event of a corporate transaction. We may share Personal Data with a successor in interest if we are involved in a merger, divestiture, restructuring, reorganization, dissolution or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation or similar proceeding.

Additional sharing of personal data of Clients using Datawallet Compliance.

  • With our payment processor and email/marketing service providers. In addition to the service providers listed above, we may also share your Personal Data with payment processors and email/marketing service providers.

Additional sharing of personal data Individuals with a Personal.

Datawallet

  • With our reward service providers. In addition to the service providers listed above, we may also share your Personal Data with payment processors in order to provide you with rewards that you have chosen to redeem.
  • With another Party of your choice. When you direct your Personal Datawallet to share a clearly-defined subset of the data within an individual's Personal Datawallet with another Party, your Personal Datawallet will share this data with the chosen Party.

Your data rights.

We believe everyone deserves to be in control of their Personal Data, and we have taken steps to make it possible for all users of our products and services, to exercise the following rights with regard to the Personal Data we control about them:

  • The right to be informed about how their information is used. We inform individuals of the fact that we are collecting data when they access our products and services by referring to this Privacy Policy. This Policy describes our data handling processes.
  • The right to access the information we hold about individuals.
  • The right to request the correction of inaccurate information we hold. Individuals who use a Personal Datawallet and Clients can correct some of this information in their account settings.
  • The right to request that we delete information, or stop processing it or collecting it.
  • The right to withdraw consent for other processing activities for which you have given us your consent.
  • The right to request that we transfer information either to yourself or a third party.

How you can exercise your data rights.

Individuals using a Personal Datawallet.

You can exercise your data rights by sending an email to privacy@datawallet.com.

For the Personal Data in your Personal Datawallet, you can exercise these rights by choosing the relevant action in your account profile or your Datawallet menu. Also note that:

  • You can rectify certain information points from the "Account settings" menu in your Personal Datawallet.
  • You can completely remove data from a single data source by deleting that source from your Datawallet menu. Note that this may automatically remove you from certain offerings and services that you have signed up for.
  • If there is information in your Personal Datawallet that is incorrect about you from an outside data source (e.g., Facebook), then please correct that information at the source and then re-add it to your Personal Datawallet.

If you'd like to delete your Personal Datawallet and your associated account, please send your request to [privacy@datawallet.com]{.s6}. When you place an account deletion request, it can take us up to 30 days to honor that request.

If you decide you do not want to receive educational or marketing communications from us, you can click the unsubscribe link at the bottom of any educational or marketing email. Please note that even if you opt out of marketing communications, you may still receive administrative, legal, and other important communications from us.

Clients who use Datawallet Compliance / Visitors who use our Website.

You can exercise your data rights by sending an email to privacy@datawallet.com.

If you decide you do not want to receive educational or marketing communications from us, you can click the unsubscribe link at the bottom of any educational or marketing email or send an email to privacy@datawallet.com. Please note that even if you opt out of marketing communications, you may still receive administrative, legal, and other important communications from us.

How do we secure your Personal Data?

We have implemented technical, administrative, and physical security measures that are designed to protect your Personal Data from unauthorized access, disclosure, use, and modification. We regularly review our security procedures to consider appropriate new technology and methods. Please be aware that, despite our best efforts, no security measures are perfect or impenetrable.

How long do we keep your Personal Data?

It is our policy to not keep your Personal Data for longer than we need it. In certain circumstances, Personal Data are kept for the period of time during which claims against Datawallet may be enforced. Personal data are also saved to the extent that and for so long as we are legally obliged to do so.

We use Cookies, web beacons, pixel tags and other data collection technologies (together, "Data Collection Technology") on the Platform to help us improve your experience of our Website. For example, we use Google Analytics, a web-based analytics tool that tracks and reports on the manner in which the website is used to help us to improve it. Google Analytics does this by placing Cookies on your device. The information collected by the Cookies, such as the number of visitors to the website, the webpages visited and the length of time spent on the website, is aggregated. We also may use Data Collection Technology to collect information from the computer or device that you use to access our online services, such as your operating system type, browser type, domain and other system settings, as well as the language your system uses and the country and time zone in which your computer or device is located.

We automatically collect certain information from and about the computers, phones, and other devices you use with our products and services. We may combine this information across different devices you use.

Your Control of Cookies.

Most web browsers automatically accept Cookies, but you can usually modify your browser setting to decline Cookies. If you choose to decline Cookies, you may not be able to fully use all features of the Platform. You have the ability to delete Cookies files from your hard drive at anye time.

Do Not Track Signals.

Some web browsers incorporate a "Do Not Track" ("DNT") or similar feature that signals to websites that a user does not want to have his or her online activity and behavior tracked. If a website that responds to a particular DNT signal receives the DNT signal, the browser can block that website from collecting certain information about the browser's user. At this time, we do not honor the DNT signals we receive from your browsers.

Google Analytics.

You can download and install the Google Analytics opt-out browser add-on via this link https://tools.google.com/dlpage/gaoptout. Using this add-on, you can determine whether and on what scale Google Analytics collects and processes your data.

International Data Transfers.

We are committed to complying with this Privacy Policy and the data protection laws that apply to us. Datawallet is headquartered in the United States and has operations in the European Union. We recognize that the laws in the United States may be different and, in some cases, not as protective as the laws of other countries. By providing us with your Personal Data and using our Platform, you understand that your Personal Data will be transferred and processed in both the EU and the United States.

The Platform is not meant for children.

We are committed to protecting the privacy of children. The Platform is intended for adult users over the age of 16, and it is not designed to attract child users. We do not knowingly collect Personal Data from any person we actually know is a child under the age of 16. If we learn that any of our users are under the age of 16, we delete their account and their associated Personal Data.

Special Notice to California Residents.

California Civil Code Section 1798.83 permits individual California residents to request certain information regarding our disclosure of certain categories of Personal Data to third parties for those third parties' direct marketing purposes, which we only do if you have explicitly consented to allow such disclosures. You may submit these requests to privacy@datawallet.com.

Third Party Websites.

Our Platform may contain links to other websites on the Internet, and other websites may contain links to the Platform. These third party websites are not under our control, and this Policy does not cover the privacy and security practices of those third party operators. We are not responsible for the privacy or security practices or the content of such websites, and we recommend that you review the privacy practices of any third party website to which you use or submit your information.

How will we notify you of changes to this Privacy Policy?

We will notify you before we make material changes to this Policy and give you the opportunity to review (for example, via email or a notification within Datawallet Compliance) the revised Privacy Policy before you choose to continue using our Platform.

Contacting Datawallet.

If you have any questions about this Privacy Policy, please contact us at:

Datawallet Inc. 511 Ave of the Americas Unit #967 New York, NY 10011 email: privacy@datawallet.com

If you are located in the European Union, you have the right to lodge a complaint with your national data protection authority. Contact information for your data protection authority can be found on the European Data Protection Board website.