Last updated: July 9, 2022
All the terms in this Policy are used in the same meaning as in these documents.
The Policy inform you how Zephyr (“Zephyr”, “we”, “us” or “our”) processed your personal data on the website https://zephyr.digital/ (“Website”).
Here at Zephyr, we respect your privacy and do everything for the protection of the information that you give us.
What is personal data?
Personal data (or data) is any information relating to you and that alone or in combination with other pieces of information gives an opportunity to identify you as an individual. It can be your login, your location data, or information related to your physical, economic or social identity. Personal data also includes such technical information as a Media Access Control address (MAC-addresses) or Internet Protocol address (IP-address), browser and system information.
Processing of the personal data means any action with it, for example, collection, recording, organizing, structuring, storage, use, disclosure by any means and so on.
What data we collect, how and for what purposes
Children Under the Age of 18
Our Website is not intended for children under 18 years of age. No underaged persons shall provide any personal data to or on the Website. If we obtain actual knowledge that we have collected personal data from a person under the age of legal capacity in their country, we will promptly delete it, unless we are legally obligated to retain such data. If you believe we may have mistakenly or unintentionally collected any information from or about a person under 18, please contact us using the contact information provided below.
Data you voluntary provide us
There is no need to create an account when searching and viewing information on the Website, such as list of pools, coins` values and costs, information about the most valuable players, as well as Zephyr blog and FAQ.
If you decide to create an account for obtaining the Zephir Services, you will need to provide us with your email address. You will also need to create a password. Without this data we will not be able to provide you with our main Services.
You may also sign up through the third-party software cryptocurrency wallet (e.g. MetaMask). In that case, you give us consent to extract the address of such a wallet.
The following information will be publicly displayed:
- the image you have selected as your user avatar, username, date of account registration, total reward from the Website.
The following information will not be publicly displayed:
- your email and wallet address together with your personal data (although the wallet address connected to the forecasts will be stored in blockchain, due to the mere nature of Blockchain technology; such wallet address will not allow your identification, unless you make your wallet address public on some third-party resources).
If you register an account within the referral program, the user who created the referral link may see your partially hidden email, registration date, your nickname, trading volume on the Website, date of the first transaction and status (pending, registred, start trading) (as necessary to do under the terms of the referral program).
Also, if you register an account within the referral program, our third party payment processor will process your email data for the purpose of verification and reward processing.
We process personal data related to accounts to provide you with our main Services, including creating and maintaining your account, allowing you to add forecasts, communicating with you at your request, identifying you when you want to transfer your reward to your wallet and for marketing purposes.
At your own discretion, you may supplement your account information, for instance, you can add an avatar or photo to the account. We will process such data only to let you customize your account at your own choice.
Sometimes, when you do not consent to subscription during the registration, we may process your email and username on the basis of our legitimate interest to send you newsletters and other communication. We may do so to provide you with some useful information, notify you of any updates regarding our Website or Services and inform you about our offers. In no case we will overwhelm you with letters, but, at any time, you can choose to stop receiving our emails. If you want to cease this type of communication, simply use “Unsubscribe” button which is present in each of our emails, or choose the relevant option in your account preferences.
We will store all your account data as long as you keep your account active. We will also store your account data within 30 days after the account deletion to be able to reactivate your account if you change your mind, and to be able to reach you in case of any dispute. After such a period, we may store the limited amount of data archived with limited access, if we have overriding legitimate grounds for the processing (like our legitimate interest, legal obligation or for the establishment, exercise or defence of legal claims).
However some data, such as your active and/or expired forecasts will be saved even when you delete your account or ask us to remove all your personal data. This is since such data has already been integrated into the blockchain. This data must be stored to maintain the integrity of the Services and Website as well as for legitimate business processes, including audits and security purposes. Also, we do not have the real possibility to delete such data from the blockchain. So, by using the Website you confirm that you understand how blockchain technology works and agree with adding information about your forecast to the blockchain, which can not be deleted while the relevant blockchain exists. In case of your account deletion, we replace your username in Website bases to “Deleted account”, but we still may store the depersonalized information about your forecasts.
We also process any personal data you choose to give when corresponding with us by email, Website features or otherwise visiting and interacting with this Website.
We use this data either to perform the contract with you (the accepted Terms), or based on our legitimate interest. The purpose is only to send you information about our Services that are similar to the Services you participated or are interest to (unless you have refused or opted out of receiving these emails at the time you provided us with your email address or you have indicated to us that you do not wish to receive communications in this manner). Also, we keep the contact data provided by you to make it easier for you to communicate with our managers or support staff.
We will store your contact data as long as you keep your account active and within 30 days after the account deletion, unless you ask our manager or service staff to erase these data from the account earlier. Again, after such a period, we may store the limited amount of data archived with limited access, if we have overriding legitimate grounds for the processing (like our legitimate interest, legal obligation or for the establishment, exercise or defence of legal claims).
We use web server log files. Records in our log files include internet protocol (IP) addresses (IP address of the device (from which we can also infer the country you are connecting from), operating system, browser types and version, referring pages, exit pages, platform types, and date/time stamps. We use web server log files to administer the Website, provide broad traffic information for the Website planning purposes, to restrict the access from prohibited jurisdictions and to ensure that you adhere to our Terms. Generally, this data is collected by cookies. You can read more about data collected by cookies in our Cookies Policy.
We will store these data as long as you keep your account active and 30 days after its deletion unless you erase these data from the account earlier on your own. But for security reasons, this data can be stored even after an account is deleted for legitimate business processes, including audits and security purposes.
Your activity on the Website
When you are logged in, we also collect the following information:
- forecasts, created by you (for proper Service provision);
- your activity on the Website (for static purposes);
- rate of successful forecast, which is converted into the level or rank (for static purposes, for granting additional accesses or rewards);
- your correspondence with our managers and/or support staff (for proper support provision and Service provision).
Please note that sometimes we may process your data for statistical purposes and subject to the appropriate safeguards in accordance with applicable data protection laws.
What are statistical purposes? Statistical purposes mean any collection and processing of data necessary for statistical surveys or to produce statistical results. The statistical purpose implies that such statistical results do not include personal data, but only aggregate data. The statistical results may further be used for various purposes, for example, to assess our business development, understand the market demands, and improve our Services. We process the pools and forecasts created by the Website users to make our own currency predictions and forecasts, such as advices and recommendations to Website users.
In most cases, we will anonymize your data before starting processing it for statistical purposes. As a result, such data will be no longer considered personal and its use will be not governed by data protection laws.
Additionally, we may process your data:
- for the compliance with our legal obligations, respond to requests from competent authorities. This means we can store and disclose your information to law enforcement authorities, state, or government agencies if we establish that such disclosure is necessary to comply with the law. This includes responses to court orders or subpoenas, as well as other judicial or regulatory processes;
- to protect your vital interests or vital interests of another natural person;
- we may anonymize, pseudonymize, aggregate and de-identify the data that we collect and use this data for our own internal business purposes, including sharing it with our business partners, our affiliated businesses, agents and other third parties for commercial, statistical and market research purposes. For example, to allow those parties to analyze pool patterns and conducting researches;
- for internal business/technical operations, including troubleshooting, data analysis, testing, research, statistical and survey purposes, and as part of our efforts to keep our Website, network, and information systems secure.
Please note that we do not sell your data.
Access to personal data
For proper Service provision and Website maintenance and functionality we may give the access to your personal data to such categories of our staff and contractors:
Our employees and contractors
Among our employees, there are only customer support and development teams who can access your data from our databases. They are exactly those persons who are responsible for achieving the declared purposes of data processing and that is why they need to have access to your data. These teams may include both Zephyr employees and independent contractors or freelancers.
Apart from our employees and subcontractors, we engage the following third-party service providers:
Google Ads (the USA) is our external online advertisement service, which helps us to promote our Services to customers. Google LLC is certified under both the EU-U.S. and Swiss-U.S. Privacy Shield frameworks. Among other Google Ads services we use Google Tag Manager.
Gleam (Australia) is a marketing platform that helps us run marketing campaigns, rewarding our customers for their achievements and promoting our Services to customers. You can read more about data protection by the Gleam here.
We may also add different third-party services with the use of which you could register your account (e.g. Metamask). You will see the up-to-date list when registering the account.
If you are interested in more details about how these third-party services process personal data, please refer to their privacy policies available on their websites.
Please be aware that we may change our service providers from time to time, making sure they are safe and respect your privacy. To make sure you have the up-to-date list - please contact us.
How we protect your data
We use Hypertext Transfer Protocol Secure (HTTPS) for keeping your data secured and your communication with the Website encrypted.
We store your data on our own servers in AWS CloudFormation, Frankfurt, Germany.
We do everything we can to protect your data, but no internet transmission method is 100% secure. If your rights under the Policy are violated, or if there is a high risk that they will be violated, we will notify you and the regulatory authorities without delay. We will also do our best to minimize such risks.
In regard to protection from unauthorized access to personal data we have implemented firewall, passwords hashing and two-factor authentication (internally, when working with your data).
For emergency cases we also regularly backup data to be able to restore it when it is needed. We require all our employees and subcontractors to enter in non-disclosure agreements and data processing agreements (if applicable).
Your rights as to your personal data
You have the following rights regarding your personal data Zephyr collects and processes:
You have a right to access to your personal data processed by Zephyr and right to data portability.
You may at any time obtain confirmation from Zephyr as to whether or not personal data concerning you are being processed. You may at any time order a complete data copy, which you may transmit to another controller of the data. Your data will be delivered within 10 working days by Zephyr as files in CSV format.
You have a right to request from Zephyr to rectify your personal data You can request all the inaccurate personal data concerning you being corrected. You may also request to complete your personal data if you consider that something is missed.
You have a right to request Zephyr to erase personal data You may without undue delay request the erasure of personal data concerning you, and Zephyr shall erase the personal data without undue delay when one of the following applies:
- if the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed;
- if you withdraw your consent on which the processing is based, and where there is no other legal ground for the processing;
- if you object to the processing in case the processing is for direct marketing purposes;
- if the personal data have been unlawfully processed; or
- if the personal data have to be erased for compliance with a legal obligation or national law.
Please note that as described above, some data is stored in the blockchain, so Zephyr has no real possibility to erase such data.
You have a right to restrict the processing of your personal data by Zephyr
You may at any time request us to restrict the processing of personal data when one of the following applies:
- if you contest the accuracy of the personal data, for a period enabling Zephyr to verify the accuracy of the personal data;
- if the processing is unlawful and you oppose the erasure of the personal data and request the restriction of their use instead; or
- if Zephyr no longer needs the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defense of legal claims.
You have a right to withdraw your consen
When your data is processed on the basis of consent, you can withdraw your consent for the processing of your personal data at any time by simply contacting us, without affecting the lawfulness of processing based on the consent before its withdrawal. After receiving such a withdrawal request from you, we will process it in a timely manner and will no longer process your personal data unless otherwise is allowed by law.
You have a right to object to the processing
In some cases provided by the applicable laws you can object to processing of your personal data. You can object to the processing of your personal data when the processing is related to the performance of our task carried in the public interest or in the exercise of official authority vested in us; or if we process your data to pursue our or third party’s legitimate interests, and you believe that such interests are overridden by your interests or fundamental rights and freedoms.
If you make a request objecting to processing, we will no longer process the personal data unless we are able to demonstrate compelling legitimate grounds for the processing.
Any requests to exercise your rights can be directed to Zephyr via the contact details provided below. These requests are free of charge. Please note that we may ask you to verify your identity before responding to such requests. The verification may be done via account credentials or third-party software cryptocurrency wallet (e.g. MetaMask).
The Services, including the Website, are made available by us, Zephyr, and are not intended to subject us to the laws or jurisdiction of any state, country or territory other than that of the Marshall Islands.
If you have any questions about this Policy, please contact us.
Contact email: email@example.com