The term “Users” refers to any natural or legal person who makes use of the Services as fans, stars, members of the community, advertisers or any other type of members of the Platform.
Olyseum shall process your personal data in accordance with the Swiss Federal Act on Data Protection (“FADP”) and the General Data Protection Regulation of the European Union (“GDPR”).
If at any time, you have questions or concerns about our privacy practices, please feel free to contact us at email@example.com.
Please note that this Policy does not apply to information collected through third-party websites or third-party services or applications that you may access through the Services or to which you may be redirected through the Platform, or that that does not relate directly to the use of the Platform or Services (i.e. job applications).
1 – Identity and contact details
Place Longemalle 1
Representative in the European Union:
Miguel Angel Lopez Fernandez
Data Protection Officer (DPO):
c/ Avinguda Santa Coloma 7
AD500 Andorra la Vella
Please, personal visits only with prior appointments!
2 – What personal data we collect
Olyseum collects information about Users in a range of ways.
Personal data you directly give us, which may include:
- Identity information, such as the mobile number, first name, last name, and userID of your Telegram account, or the email address you use to contact us or to send you our newsletter;
- Personal characteristics, such as your age, and other data that we Olyseum may require to limit access to exclusive experiences, like the amount of OLY tokens held by User;
- Other documents you may provide to Olyseum in the framework of the Platform, such as photographs, pictures, identity cards or passports;
- Feedback and correspondence, such as the information you provide when you report a problem with Service, receive customer support, tell us about the helpfulness of an article or submit us a request, or otherwise correspond with us;
- Transaction information, such as details about purchases you made through the Platform and transactions related to non-fungible tokens (NFT) involving a User, which include the NFT (type ERC-721) and the Ethereum addresses involved in the transaction;
- Usage information, such as information about how you use the Service and interact with us;
- Credit card data (only the last 4 digits of your card, which our payment service provider, PSP, returns linked to the date and transaction number so that Olyseum can send the PSP possible claims about your payments, given its role as data controller for the processing of your credit card payment).
- Technical information, such as your Ethereum wallet address; and
- Additional information you provide to us to comply with anti-money laundering (AML) laws and know-your-customer (KYC) requirements (such as nationality and place of birth).
Information we generate in relation to our Platform, such as the number of OLY you have in the account you logged into Olyseum with, or any billing details.
Information we collect from others (third party sources) such as the identity information (user identifier in social network, name, e-mail and profile picture) we collect from the identity provider when you register or initiate session in the Platform. We use following identity (or “sign in”) providers:
- Google Ireland Ltd, Gordon House, Barrow Street, D04 E5W5, Dublin, Ireland (hereinafter referred to as “Google”).
- Apple Inc. One Apple Park Way, Cupertino, California, USA, 95014 (hereinafter referred to as “Apple”), whose Data Protection Officer you can contact at apple.com/legal/privacy/contact.
- Facebook Ireland Ltd., 4 Grand Canal Square, Grand Canal Harbour, Dublin 2 Ireland (hereinafter referred to as “Facebook”), whose Data Protection Officer your can contact at https://www.facebook.com/help/contact/540977946302970
- Magic Labs Inc., 3739 Balboa St nº 1088, San Francisco, California, USA 94121 (hereinafter referred to as “Magic”), whose EU representative is Taylor Wessing Germany, located at Hanseatic Trade Center, Am Sandtorkai 41, 20457 Hamburg, Germany, who you can contact by telephone at +49 40 36803-0.
Information we collect automatically:
- We also may use Google Analytics to help us offer you an optimized user experience. You can find more information about Google Analytics’ use of your personal data here: https://www.google.com/analytics/terms/us.html.
Information we will never collect. We will never ask you to share your private keys or wallet seed. Never trust anyone or any site that asks you to enter your private keys or wallet seed.
3 – How we use personal data and what is our legal bases
3.1 To sign in in the Platform
The Platform uses social logins from various identity providers, such as Facebook, Google and Apple in order to let the User to complete the registration and login without needing a separate userID and password (see section “Information we collect from others” in chapter 2) . It means you can set up an account in Olyseum identifying yourself with the ID you already have registered in the identity provider: no need to use a social media account, fill out forms, or choose another new password.
You are not required to provide Olyseum with the personal data we request you during the sign in process, but if you choose not to do so, Olyseum may not be able to log you into the Platform and provide you the Services.
We process your personal data on the basis of the consent you explicitly give the sign in provider to transfer us your login information.
3.2 To provide our Services
We will use your personal information in the following ways:
- To enable you to access and use the Services
- To provide and deliver products and services that you may request.
- To process and complete transactions, and send you related information, including purchase confirmations.
- To send information, including confirmations, technical notices, updates, security alerts, and support and administrative messages.
Our processing of your personal information is necessary to perform the contract governing our provision of the Services or to take steps that you request prior to signing up for the Service.
3.3 To comply with law
We use your personal information as we believe necessary or appropriate to comply with applicable laws (including anti-money laundering (AML) laws and know-your-customer (KYC) requirements), lawful requests and legal process, such as to respond to subpoenas or requests from government authorities.
The legal base of this processing is our legal obligation.
3.4 To communicate with you
We use your personal information to communicate about challenges, upcoming events, and other news about our stars or the products and services offered by the Platform you are registered to.
The legal base of this processing is our legitimate interest. We make sure we consider and balance any potential impacts on you (both positive and negative) and your rights before we process your personal information for our legitimate interests. We do not use your personal information for activities where our interests are overridden by any adverse impact on you (unless we have your consent or are otherwise required or permitted to by law).
3.5 To manage inquiries and bug reports
We use your personal data to track and respond to your inquiries, and the bug or vulnerability reports that you submit to us, as well as to include you, where appropriate, in our bounty program.
We may also use your information to provide you with general customer service.
We process your inquiries and bug reports with your consent, expressed at the time you voluntarily contact us, and that you have the right to withdraw at any time in the manner indicated in the Service or by contacting us at firstname.lastname@example.org. Additionally, where appropriate, we process your personal data to execute our bounty program agreement.
3.6 To optimize our Platform
We may use your personal information to operate, maintain and improve the Platform and our Services, always with the aim of optimizing your user experience. To achieve this, among other data sources we use the information provided by “cookies” as detailed in our cookies policy.
We process the data collected by cookies with your prior consent, unless cookies are necessary for the proper functioning of the website. You have the right to withdraw this consent at any time in the manner indicated in our cookies policy.
Regarding the rest of the personal information that we use to optimize our Platform, the legal basis for its processing is our legitimate interest, after having considered your rights and the balance of interests between you and us.
3.7 For compliance, fraud prevention, and safety
We may use your personal information to protect, investigate and deter against fraudulent, unauthorized or illegal activities and, as in the case of point 3.4, the legal base of this processing is our legitimate interest.
3.8 To send our newsletters
We process your email address with your consent, expressed at the time you voluntarily subscribe to our newsletters, to provide you with information of interest, news and promotions related to the Platform and our Services.
You have the right to withdraw your consent at any time by contacting us at email@example.com or by clicking on the link provided at the bottom of each newsletter to that effect.
3.9 For new purposes
Finally, we may use your personal information for reasons not described in this Policy, where we are permitted by law to do so and where the reason is compatible with the purpose for which we originally collected it. If we need to use your personal information for an unrelated purpose, we will notify you and explain the applicable legal basis for that use. If we have relied upon your consent for a particular use of your personal information, we will seek your consent for any unrelated purpose.
4 – With whom we share your personal data
Aside as described below, we do not share the personal information that you provide us with third parties without your express consent. We disclose personal information to third parties under the following circumstances:
- We may share information with those who need it to do work for us (our service providers). These recipients may include third party companies and individuals to administer and provide the Service on our behalf (such as customer support, hosting, email delivery and database management services), as well as lawyers and auditors.
- We may share personal information to comply with legal, regulatory, protection, and safety purposes, as well as to respond to lawful requests of authorities, regulators, self-regulatory authorities or courts and legal processes.
- We may share personal information when we do a business deal, or negotiate a business deal, involving the sale or transfer of all or a part of our business or assets. These deals can include any merger, financing, acquisition, or bankruptcy transaction or proceeding.
- We may share information in an emergency. This includes protecting the safety of our employees and agents, our customers, or any person.
5 – Transfer of data abroad
Users are informed that in order to provide the Service personal data may have to be transferred outside of Switzerland, to a country that has been granted an adequacy decision according to the GDPR / FADP. In the event that your personal information needs to be transferred to a country that does not benefit of such adequacy decision,Olyseum undertakes to base the transfer on a data transfer mechanism recognized by the European Commission and the FDPIC as providing adequate protection for your personal information, or to inform you and obtain your prior written consent regarding such processing. You may contact us if you want further information on the specific mechanism used by us when transferring your personal information to such third-party countries.
6 – Data conservation
Olyseum shall only store Users’ personal data for as long as Users use the Platform and as long as they are necessary for Olyseum to comply with its contractual and legal obligations (in particular the tax regulations and the Swiss code of obligations).
In some circumstances we may anonymize your personal information (so that it can no longer be associated with you) in which case we may use this information indefinitely without further notice to you.
7 – Rights and Requests of Users
Under the GDPR and the FADP, you have following rights regarding your personal information:
- Right to opt-out: withdraw the consent for the processing activities that you have previously consented, without this affecting the lawfulness of the processing performed by Olyseum before the withdrawal of the consent. In such circumstances, Users understand that Olyseum may not be able to provide the Service that depended on that consent.
- Right to access: Provide you with information about our processing of your personal information and give you access to your personal information.
- Right to have your personal data corrected: Update or correct inaccuracies in your personal information.
- Right to restrict: Restrict the processing of your personal information.
- Right to object: Object to our processing of your personal data, in particular our reliance on our legitimate interests as the basis of our processing of your personal information.
- Right to have your data deleted: Delete your personal information.
- Right to file a complaint with a supervisory authority, in particular in the state of your habitual residence or at the place of the alleged infringement, if you consider that our processing of your Personal Data breaches the applicable data protection laws.
Additionally, under the GDPR you may ask us to take the following actions in relation to your personal information that we hold:
- Right to data portability: Transfer a machine-readable copy of your personal information to you or a third party of your choice.
You can submit all the above requests by email to firstname.lastname@example.org. We may request specific information from you to help us confirm your identity and process your request. Applicable law may require or permit us to decline your request. If we decline your request, we will tell you why, subject to legal restrictions.
If you would like to submit a complaint about our use of your personal information or response to your requests regarding your personal information, you may contact us at email@example.com or submit a complaint to the Federal Data Protection and Information Commissioner (FDPIC), Feldeggweg 1, CH-3003 Berne, phone +41 58 462 43 95, fax +41 58 465 99 96, www.edoeb.admin.ch.
Additionally, if you consider the GDPR applies to you, you have the right to submit a complaint to the data protection authority in your jurisdiction, which you could find here.
Finally, we inform you that regular cookies may generally be disabled or removed by tools available as part of most commercial browsers, and in some instances blocked in the future by selecting certain settings. For more information, please see our Cookies Policy. Specifically, for what regards the statistical cookies that we use in conjunction with the Google Analytics service, you may exercise choices regarding the use of these cookies by going to https://tools.google.com/dlpage/gaoptout and downloading the Google Analytics Opt-out Browser Add-on.
8 – Security measures
Olyseum has taken all appropriate and reasonable technical and organisational measures to ensure an adequate level of security for the processing of Personal Data and to prevent their loss or alteration and unauthorised processing or access.
Last update: 16 January 2022