PRIVACY & COOKIES POLICY
Data protection is a particularly high priority for Carnomaly.io and the use of our Internet page https://carnomaly.io (“Website”) is possible without any indication of personal data. However, if a data subject wants to use special services via our website, or any subdomains we maintain, processing of personal data could become necessary.
As a controller for the data collected via our Website, and as a processor for the data collected via any subdomains we maintain, Carnomaly.io has implemented numerous technical and organizational measures to ensure the most complete protection of the personal data processed.
- Personal data – any information relating to an identified or identifiable natural person;
- Data subject – any identified or identifiable natural person, whose personal data is processed by Carnomaly.io;
- Processing – any operation or set of operations which is performed on the personal data or on sets of personal data;
- Controller – a legal person, which alone determines the purposes and means of the processing of personal data. Carnomaly.io is a Controller, regarding the personal data collected by our website;
- Processor – a legal person, which processes Personal data of behalf of the Controller. Carnomaly.io is a Processor, regarding the Personal data collected via the subdomains we maintain.
II. Identity and contact details
101 E. Park Blvd., Ste. 1150
Plano, Texas 75074
Any data subject may, at any time, contact our Data Protection Officer directly with all questions and suggestions concerning data protection.
III. Contact possibility via our Website: www.carnomaly.io
Our website contains information that enables a quick electronic contact. If a Data subject contacts us via the contact form of our website, the personal data transmitted by the data subject, e.g., name and email address, are automatically stored and processed by Carnomaly in its capacity as a Controller of Personal data.
Such personal data is transmitted on a voluntary basis by a data subject to the controller. It is stored for the purpose of processing or contacting the data subject. There is no transfer of this personal data to third parties.
Carnomaly.io may maintain subdomains in addition to its main website and therefore may provide software and other services for that purpose. Therefore, if a data subject provides any data on such a subdomain, the personal data transmitted by the data subject is automatically stored and processed by Carnomaly.io in the capacity of a Processor of personal data for the subdomain, which subdomain would be the Controller of such personal data.
The personal data necessary for the registration of the data subject may vary but it mainly consists of:
Phase 1: Registration –
Phase 2: Verification/KYC –
Date of birth;
ID front and back;
Proof of address
Hereinabove personal data is transmitted on a voluntary basis by a data subject via the relevant subdomain. Thus both the Controller and the Processor have access to and process those data.
The registration of the data subject, with the voluntary indication of personal data, is intended to enable the Controller to offer the data subject contents or services that may only be offered to registered users due to the nature of the matter in question.
After the Registration is completed a confirmation e-mail is sent to the data subject in the double opt-in procedure. This confirmation email is used to prove whether the owner of the e-mail address is authorized to make a registration or that the owner of the e-mail address is aware of a registration in their name and authorizes such registration.
Some of the subdomains we may maintain may also provide for social media registration. If a data subject makes a registration through a third-party social media site like Facebook, Twitter or LinkedIn, for example, we will only gain access to the name and email of the data subject.
The verification of the data subject, with the voluntary indication of personal data, is intended to meet any applicable Anti-Money Laundering (AML) requirements for prevention of the use of the subdomain for money laundering and terrorist financing, if any. All such data is used for the purpose of verification only.
Although, neither the Controller, nor the Processor are required to perform the AML measures, it is possible that in the future AML obliged entities might be broadened to include companies like ours, thus the good practices require the verification of buyer identity and residency and Controllers have may decide to perform Know Your Client (“KYC”) procedures. Regarding this, each Controller, at its own discretion, may decide to use an independent KYC Provider, which will be involved in the process and will be handling with the KYC forms and the data subject’s personal data. KYC providers are appointed only by the Controller at its own discretion, and the latter can only be held liable for the organizational and technical measure those KYC providers apply regarding the protection of Data Subjects’ personal data. Carnomaly has no contractual relations with any of its clients KYC providers and cannot be held liable for any of their actions.
V. Subscription to newsletters
Any subdomains which we may maintain that may offer the opportunity to subscribe to a newsletter by clicking the relevant box will also allow data subjects to revoke a given consent at any time and for this purpose a corresponding link will be found in each newsletter or email containing a newsletter.
VI. Possible consequences of failure to provide data
The non-provision of personal data would have the consequence that the service requested by the data subject could not be provided, i.e. the data subject would not be able to contact us via our website or would not be able to make a registration on the subdomains we maintain or get verified for other uses and/or purchases.
VII. Period for which the personal data will be stored
Personal data is stored up until the termination of the user’s account. Upon termination, the corresponding data is deleted as it is no longer necessary to maintain and there is no other legal basis for processing the data.
Carnomaly.io will not disclose any personal data to a third party. However, controllers of any subdomains or the controllers of any domains that may be linked through carnomaly.io may disclose the personal data of the data subject to other processors, for example KYC providers, email providers, SMS providers.
- Rights of the data subject
- Right to Access: As a data subject you have the right to obtain from us free information about your personal data processed at any time and a copy of this information. Furthermore, you will have access to the following information: the purposes of the processing; the categories of personal data collected; where possible, the anticipated period for which the personal data will be processed, or, if not possible, the criteria used to determine that period; the existence of the right to request from us rectification and erasure of personal data, or restriction of processing of personal data concerning you, or to object to such processing; the existence of the right to lodge a complaint with a supervisor authority; where the personal data are not collected directly from you, any available information as to their source; and the existence of automated decision-making, including profiling, and, at least in those cases, meaningful information about the logic involved, as well as the significance and anticipated consequences of such processing for you.
- Right to Rectification: You have the right to obtain from us, without undue delay, the rectification of inaccurate personal data concerning you. Taking into account the purposes, you shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
- Right to be Forgotten: You have the right to obtain from us the erasure of personal data concerning you as soon as possible, and we shall have the obligation to erase personal data without undue delay where required by the law, including when:
- The personal data is no longer necessary in relation to the purposes for which they were collected or otherwise processed;
- There is no longer a legal ground for the processing;
- You object to the processing and there are no overriding legitimate grounds for the processing;
- The personal data has been unlawfully processed;
- The personal data must be erased for compliance with a legal obligation in accordance with the applicable law to which we are subject.
- Right to Restriction of Processing: You have the right to obtain from the Foundation restriction of processing where one of the following applies:
- The accuracy of the personal data is contested by you, for a period enabling us to verify the accuracy of the personal data;
- The processing is unlawful and you oppose the erasure of the personal data and request instead the restriction of their use;
- We no longer need the personal data for the purposes of the processing, but they are required by you for the establishment, exercise or defense of legal claims; and/or
- You have objected to processing pursuant to applicable laws.
- Right to Object: You have the right to object, on grounds relating to your particular situation, at any time, to the processing personal data concerning you. We shall no longer process the personal data in the event of the objection, unless we can demonstrate reasonable grounds for the processing, which override your interests, rights and freedoms, or for the establishment, exercise or defense of legal claims.
- Right to Withdraw Data Protection Consent: You have the right to withdraw your consent to processing of your personal data at any time.
IX. Security of the personal data
We have implemented technical and organizational measures to ensure that processing is carried out in accordance with all applicable statutory and/or regulatory requirements which may include but are not necessarily limited to:
- the ability to ensure the ongoing confidentiality, integrity, availability and resilience of processing systems and services;
- the ability to restore the availability and access to personal data in a timely manner in the event of a physical or technical incident;
- a process for regularly testing, assessing and evaluating the effectiveness of technical and organizational measures for ensuring the security of the processing.
If you believe that any information about you is false or inaccurate, please let us know as soon as possible by contacting us at: firstname.lastname@example.org.