July 24, 2020
«Personal data» - any information relating directly or indirectly to an identified or identifiable individual.
«Processing of personal data» - any manual or automated action concerning personal data, including collection, receipt, recording, systematization, storage, clarification (updating, changing), extraction, use, transfer (distribution, provision, access), depersonalization, blocking, deletion, destruction of personal data.
«Controller» - a legal entity Caspian Technologies Pte. Ltd (hereinafter referred to as the Company, We, Ours), which independently determines the goals and means of processing personal data when using the Spatium Application (hereinafter referred to as the Application).
«Spatium» - a mobile Application (cryptocurrency wallet), using which you can receive and send crypto-assets and access resources for their exchange, as well as to otherwise manage digital assets and crypto-assets.
This Policy applies only to the use of the Spatium Application where this Policy is published.
The policy is applicable only in relation related to the use of the Application and does not apply to data that comes from companies or other organizations. This Policy (together with Our other documents) establishes the basis on which We process any personal data that We receive from you or that you provide to Us.
We request your personal data that is adequate, suitable and necessary for processing abiding the principle of data minimization.
Our policy is focused on personal information that identifies you or reasonably may be associated with information that identifies you. For example, using Our Application and services, We may collect personal information such as name, IP address, address, the phone number to complete your order or passport data to perform the services you ordered.
Your data is processed in a legal, fair and transparent manner.
Our employees are responsible for ensuring compliance with this Policy. We require everyone who manages the personal information of Our customers to do this properly and in accordance with Our rules, as well as the provisions set out in Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 («General Data Protection Regulation» or «GDPR»).
3. WHAT DATA WE PROCESS AND FOR WHAT PURPOSE
By submitting your personal data, you agree to its processing in order to fulfill the obligations of the Company to you to ensure the possibility of using the Application, its security, providing you with products and services, for example, to fulfill your requests for the provision of services, or to personalize Our information-sharing relationships. We also use your personal information to support Our services and business functions, such as fraud prevention, marketing (in terms of the number of users and country of download) and legal functions.
If you did not carry out a backup procedure, then We do not collect any personal data and do not guarantee the security of using Our Application and the possibility of using the Application functionality.
In the case of backup, We process two types of information:
1) the information We receive from you;
2) information that We receive from others, including automated programs.
1) The information We receive from you includes information that you share with Us when you create an account in the Application. We also receive information from other sources to help Us supplement Our records, improve the personalization of Our services for you, and detect fraud. Our goal is to limit the information We collect with the information necessary to support Our business.
You share information with Us in various ways through Our services and on the Internet. For example, you share information when you:
make a purchase/download of Our Application;
create an account on Our website or in the Application;
participate in Our programs and promotions in social networks;
post a review or comment on one of Our pages on social networks, write a review or other content on Our website or mobile service.
When you perform these actions, you can send Us various types of personal information, such as:
physical or mailing address;
date of birth;
information arising from payment information;
biometric data in the form of a face, which is processed by the neural network and converted by the server into a static set depersonalized key.
2) We process technical information when you use our Application or Services. This may include information such as:
City ($city) - The city of the event sender parsed from the IP property or the Latitude and Longitude properties. See Geo Source ($geo_source) for more detail.
Region ($region) - The region (state or province) of the event sender parsed from the IP property or the Latitude and Longitude properties. See Geo Source ($geo_source) for more detail.
Country (mp_country_code) - The country of the event sender parsed from the IP property or the Latitude and Longitude properties. See Geo Source ($geo_source) for more detail.
Geo Source ($geo_source) - the method to establish the values for the Country, Region, and City properties. If the value is null, the location properties were determined through the IP ($ip) property. If the value is “reverse_geocoding”, then the location properties were determined through the Latitude ($latitude) and Longitude ($longitude) properties.
Timezone ($timezone) - Timezone of the event sender, parsed from IP.
Browser Version ($browser_version) - Browser version number.
Browser ($browser) - Browser name (not versioned).
Initial Referrer ($initial_referrer) - Referring URL at first arrival.
Initial Referring Domain ($initial_referring_domain) - Referring domain at first arrival.
Operating System ($os) - OS of the event sender.
Last Seen ($last_seen) - The last time a user profile property was set or updated (should not be set manually).
Device name ($device) - The name of the event sender's device, if they're on mobile web.
iOS Device Model ($ios_device_model) - Device model ID, in format "iPad 3,4".
iOS Version ($ios_version) - Current version of iOS on the device.
Device ID ($device_id) - A unique string that identifies a user before an authentication or identification flow. By default, Mixpanel's client-side SDKs generate a $device_id for every unique browser or device. If using a client-side SDK, the $device_id is an event property that won't need any additional work. The $device_id does not change on the same device.
Account ID - account number in the Spatium application
App version ($app_version) - the version of the application that the User uses
Backup biometric ($backup biometric) - whether the procedure of backup restoration of access to the account using biometric facial parameters has been performed.
Backup paper ($backup paper) - whether the user has saved a QR code to restore access.
Balance of currency ($BTC, ETH and etc.) - balance of currencies in your account.
This also includes the information you provide to us through automated technologies such as Mixpanel. We use its capabilities as described at https://mixpanel.com/legal/terms-of-use/ and https://mixpanel.com/legal/privacy-policy//. Mixpanel secures the data being processed as described at https://mixpanel.com/legal/security-overview/.
Here are some examples of the purposes for which data about you are used, but not limited to:
To meet your requests for products and services and to communicate with you about these requests;
To help us personalize our service offerings, mobile services and advertising;
To send you information about our products, services and promotions;
To respond to the feedback and comments that you provide to us;
To protect the security and integrity of our mobile services and our business;
To execute a contract to which either the beneficiary or the guarantor of the personal data is a party, or to conclude a contract initiated by the subject of personal data or a contract under which the subject of personal data will be the beneficiary or guarantor;
For this purpose, we combine personal and non-personal information collected online and offline, including information from third-party sources. The information that you transmit to us will only be processed with your consent. You give it to us before doing so as described above.
4. WHAT DATA WE KEEP AND FOR WHAT PERIOD
We store your email for contacting you and identifying you when you contact us and restore your account access. And we store a static pre-set key on our servers to enable you to access your account. We also store the information specified in section 3. We keep all this information for a period of 10 years from the last time you visited your account, because you can keep your assets in your account and you may also need this information if something happens.
We will delete or impersonalize personal data (i) when the purpose of the processing has been achieved, (ii) when it is no longer necessary to achieve the purpose of the processing or (iii) when requested to do so by the subject of the personal data within 30 calendar days.
Ten years after the account has been inactivated (last login) and the last Transaction has been completed, We will delete it. The inactivity is checked every time you login to your account, restore access, and make a transaction using the Application.
5. AFFAIRS RELATED TO TRANSFER OF PERSONAL INFORMATION
We will not sell or rent your personal information. We may transfer your personal information in limited circumstances, such as the conduct of Our business when required by law, or with your consent.
We will not transfer your personal information outside of Our Company, except the following cases:
1) If the maintenance and technical support of the Application will be carried out by another organization that undertakes to comply with this Policy as We would have implemented it.
2) When it is necessary to comply with legal requirements of the law and protect the Company and other persons.
We may transfer your personal information in other special circumstances, which include situations where the exchange is required by law, or We believe that the exchange will help protect the security, property or rights of Caspian Technology PTE Ltd., Our customers, Our employees or other persons. For instance:
protecting the health or safety of users;
combating crimes committed in respect of the property of the Company or of an organization providing maintenance and technical support of the Application;
identification and elimination of fraud or financial risks;
providing personal information to law enforcement agencies upon their written request;
in response to a search warrant or other valid legal request;
responding to actions, requests, acts of investigative authorities in cases of violation of the agreement or violation of the law.
3) Transfer of business. In the event of the merger, sale or reorganization of all or part of Our business (including the transfer made as part of the bankruptcy procedure), personal information about you may be transferred to the business successor. We will take reasonable and necessary measures to ensure that any successor will handle your information following this Policy.
4) With your consent. Upon your request, We can transfer the information processed in relation to you to the address indicated by you within 30 calendar days. The exception is the static set depersonalised key since this information is secret and ensures security against fraud and other illegal actions in relation to you and the Company. In any circumstances other than those described above, We will ask for your consent before We transfer your personal information outside of Our Company.
6. PERSONAL DATA SUBJECT’S RIGHT TO DISCLAIMER OF DATA
If you contact Us by email or mail, be sure to include your full name and related contact details. For example, if you want to refuse receiving mails, enter your mailing address. It may take up to ten days to process your inquiries related to email and up to 30 calendar days, to process your inquiries related to phone calls, text messages and the exchange of information with your consent.
You can request and receive information about the processing methods used, personal data, volumes, processing and storage periods and other data stipulated by the Legislative Acts mentioned above, which are applicable to you depending on your citizenship or location if you are stateless person. To do this, you need to correctly compose a request and send it to email firstname.lastname@example.org or Our telegram channel https://t.me/spatiumwallet.
A correct and official request is a request from the subject of personal data, which is sent from the email used to register in the Application.
For government bodies and organizations, the request sent to Our address in the manner established by the Legislation of Singapore is considered to be correct and official, in which the following is specified:
the name of the organization;
the date of the application;
the position of the person sending the request;
the content of the request indicating the links and the grounds on which We are obliged to provide the data that We have, or to perform other actions. Such a request is considered correct if it contains the above information and is sent in its original form on a paper to the address: CASPIAN TECHNOLOGIES PTE LTD (reg No 201727936N), Singapore, 20A Tanjong Pagar Road (088443).
7. GETTING YOUR PERSONAL INFORMATION, ITS UPDATE AND REQUIREMENT TO DELETE DATA
You have the opportunity to get a set of data about you that We processed, as well as those data about you that We store. We can also delete or anonymize personal data and all information about you, or part of it at your request, after which you will not be able to use the Application. All this is available after the request to the email email@example.com in the case of compliance with the correctness and formality of the request as described in Section 6.
We provide you with various ways to access or update your personal information, including contact information and account information. We also take reasonable steps to ensure the accuracy and completeness of your personal information.
You can access or update your personal information, including contact information or account information, in the «settings» section of the Application.
If you created an account on one of Our websites, log in to your account. Once you do this, you can enter and update your own contact details and billing information, as Well as contact information for the recipients you specify.
Contact Us in one of the ways listed in the «Contact Us» section. Please, describe in the application the information you want to access and the changes you requested. We will provide you with the requested personal information if it is reasonably available unless it violates the privacy of others and is not subject to reasonable restrictions provided for by law and internal procedures. Otherwise, We will describe the types of information that We usually collect. We will provide access and make the changes you request or provide an explanation of what actions We can take regarding the request.
If you want to delete your account in the Application, you need to send a written request to the legal address of the Company or by email firstname.lastname@example.org with the corresponding request. This action does not imply the withdrawal of the Client’s consent to the processing of his personal data, which occurs in the manner prescribed by paragraph 1 of this paragraph.
The user agrees not to disclose to third parties the login and password used by him for identification in Our websites and in mobile Applications where this Policy is posted. The user also undertakes to ensure due diligence when storing and using the login and password (including, but not limited to: use licensed antivirus programs, use complex alphanumeric combinations when creating a password, and not provide third parties with a computer or other equipment entered on the username and password of the user, etc.), as well as authentication devices on sites and mobile Applications.
In case of suspicion or reliable messages regarding the use of your account by a third party or malicious software, We will be forced to unilaterally change or reset your authentication data.
8. HOW WE PROTECT YOUR PERSONAL DATA
We understand the importance of ensuring the security of the personal information of Our users. We use reasonable security measures, including physical, administrative, and technical security measures to protect your personal information.
We have employees who are responsible for ensuring the security of your information. If you make purchases on Our websites or through Our mobile services, We use reasonable security measures, including physical, administrative, and technical security measures. These measures may include access control methods or other physical security measures, information security technologies and policies, procedures that help ensure that information is properly removed.
Here are some examples of security measures We use to protect your personal information:
A password is required to access your account. The password is up to you. Please keep this password secret.
An encryption technology called Secure Sockets Layer (SSL) helps protect personal information in certain areas of Our Application during transmission over the Internet. These guidelines may not be available on mobile services using SSL.
We also use technologies such as ECDSA, EDDSA, AES, Homomorphic encryption.
To ensure the security of processing biometric data, Our Partner »Svort, Inc.» takes the necessary technical and organizational measures. After processing the biometric data, they are converted into a static depersonalized digital key. If the attackers obtain such a key, they will not be able to access personal data, which only includes the stored email address. This is because the training mode when entering an account or registering uses an artificial neural network that learns to convert many input images into a given user key, and images that do not belong to the user in a random »white noise» at each of the outputs of the artificial neural network. In the key recovery mode, the unit receives a set of vectors of biometric parameters as input and converts them into a biometric private key. When applying to the input of a biometric image of a previously registered user, a cryptographic key will be obtained at the output, and for other images-random »white noise».
You are solely responsible for all actions performed in your Account. You agree to immediately inform Us of any cases of unauthorized use of your Account or any other breach of security.
To create an account you need to create a password or a PIN. You invent them yourself. We do not store passwords or PIN codes. They are not known to us. You must protect your passwords and You are solely responsible for using your account. After that, the App functionality, limited by the interface viewing, becomes available.
To access all App functionality, you must go through a backup procedure (registration procedure).
Registration in the Spatium App includes creating an account on the server and saving the account data locally in the file system.
To obtain access to the entire App functionality, it is necessary to complete the backup procedure. There are two backup options: QR code or user's face biometrics (on the user's choice). Both can be used for account data recovery from the server in case of full withdrawal from the application.
If you chose to use biometric data for backup, keep in mind that the neural-biometric system that provides the operation of this algorithm is trained to recognize you, therefore we do not store any images, vectors, or other sensitive information of the User. This is possible because we use the innovative technology of anonymous neural-biometric. Backing up your data will also allow you to restore your account data in case your device is lost, broken or stolen with another gadget or device. Also, in this case, you will need to indicate your email address, which will be used to confirm that the ownership of the specified email is yours. Access Email should be available only to you and in no way should be available to anyone else, it should also be relevant, complete and accurate.
If you have chosen to use a QR code, we recommend that you print the QR code on a physical medium and remove it from the device to reduce the possibility of illegal actions with it by third parties.
The option that looks like and is marked for the user as "log out" from the application, in fact initiates the procedure of complete removal of the account data from the user's device (data reset). That is why the user also needs to perform the backup procedure.
The option that a user understands as "log into account" is actually the recovery of the account data backup from the server, with the use of QR code or user's face biometrics, based on a neural network. This provides the highest security level for the user's data, since no one, including the owners of the server and developers, can perform any illegal actions with the trained neural network.
In case the application is closed without log out, Local Authentication (FaceID and/or system passphrase) is required during subsequent sessions.
9. CHILDREN PRIVACY
Our Application is intended for a wide audience and is not intended for children.
We understand the importance of protecting the privacy of children on the Internet. The company is fully aware of the importance of respecting the privacy of children, especially in an electronic communication environment. Our Application is not intended for children under 18 years of age. Following Our policy, We never conduct a targeted collection and storage of information about persons under 18 years of age.
Please contact Us if you think that We could collect information from your child through Our website by email email@example.com or a mobile Application, and We will try to remove it.
10. HOW DO YOU KNOW IF THIS POLICY IS CHANGED?
This Policy has access to any subject of personal data.