Last Updated: May 24, 2018
In this Policy “Services” means the IWallet website, any feature provided by us via the website or any local application (mobile desktop or otherwise), including without limitation wallet services or iWallet information services, but excluding API services, which are governed by a separate agreement.
1. Collecting of Personal Information
When you access or use the Services, we collect the following information:
1.1. Information you may provide to us: You may give us information about you by filling in forms on our website or through our app or by corresponding with us by phone, email or otherwise. This includes information you provide when you register to use the Services and when you report a problem with the website or with our app. The information you give us may include your name, email address, virtual currency addresses, business card or other identifying document, mobile phone number, alias, password, mobile PIN code, and any other information you choose to provide.
Information we collect about you: With regard to each of your visits to our website or our app we automatically collect the following information:
Log Information: We log technical information about your use of the Services, including the type of browser and version you use, last access time of your wallet, the Internet Protocol (IP) address used to create the wallet and the most recent IP address used to access the wallet.
Device Information: We collect information about the mobile device you use to access our mobile application, including the hardware model, operating system and version, unique device identifiers and mobile network information, but this information is anonymized and not tied to any particular person.
Address Information: When you create a wallet through our Services, you may choose to generate a public and private key pair. When you log out of the wallet, we collect an encrypted file, that, if unencrypted, would contain these keys, along with your transaction history. When you enable notifications through your Account Settings, we will collect the unencrypted public key in order to provide such notifications. Under no circumstances do we ever collect an unencrypted private key from you, nor can we decrypt any wallet file data.
Information We Collect from Other Sources: We also receive information from other sources and combine that with information we collect through our Services. For instance:
When you log in to our support desk center via a third-party social media service, we collect information about your social media account in accordance with the authorization procedures determined by such social media service, including your public profile, friend list and email address.
We use third-party services (e.g. Zendesk) co-branded as IWallet but will do so with clear notices. Any third-party services may collect information as determined by their own privacy policies.
2. Use of Personal Data
As it is in our legitimate interests to be responsive to you and to ensure the proper functioning of our products and organisation, we will use your information to:
Understand and meet your needs and preferences in using our Services;
Develop new and enhance existing service and product offerings;
Manage and develop our business and operations;
Carry out any purposes for which we have received your consent; and
Meet legal and regulatory requirements.
We also reserve the right to use aggregated Personal Data to understand how our users use our Services, provided that those data cannot identify any individual.
We use Google Analytics which is a web analytics tool that helps us understand how users engage with the website. Like many services, Google Analytics uses first-party cookies to track user interactions as in our case, where they are used to collect information about how users use our website. This information is used to compile reports and to help us improve our website. The reports disclose website trends without identifying individual visitors.
We will process your Personal Data legally and fairly and not use it outside the purposes of which we have informed you. So far as we are able we shall ensure that all of your Personal Data is accurate and up to date
3. Disclosure of Personal Data
We share your information with selected recipients to perform functions on our behalf. All such third parties will be contractually bound to protect data in compliance with our Policy. The categories of recipients include:
Companies within the IWallet corporate family located in the United States and the United Kingdom, in order to provide the Services to you.
SMS providers, like Infobip, located in the United Kingdom, to provide SMS services.
Email providers, like SendGrid, located in the United States, to provide email services.
Exchangers like ShapeShift, located in Switzerland, Coinify, located in Denmark, SFOX, located in the United States, and Unocoin, located in India, to provide digital asset exchange services to you in connection with the Services.
Cloud services providers, like Google, located in Ireland, and Amazon, located in Ireland, to store certain personal data and for disaster recovery services, as well as for the performance of any contract we enter into with you.
We also may share personal information with a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution or other sale or transfer of some or all of iWallet’s assets, whether as a going concern or as part of bankruptcy, liquidation or similar proceeding, in which Personal Data held by iWallet is among the assets transferred.
We shall require any third party, including without limitation any government or enforcement entity, seeking access to data we hold to have obtained a Court Order, or proof they are statutorily empowered to access your data and that their request is valid and within their power.
4. Security of Your Personal Data
We protect Personal Data with appropriate physical, technological and organizational safeguards and security measures. Your Personal Data comes to us via the internet which chooses its own routes and means whereby information is conveyed from location to location. As such we cannot give any warranty or assurance that the means where information is conveyed to us are safe, reliable or have integrity. We audit our procedures and security measures regularly to ensure they are being properly administered and remain effective and appropriate. Every member of iWallet is committed to our privacy policies and procedures to safeguard Personal Data. Our site has security measures in place to protect against the loss, misuse and unauthorized alteration of the information under our control. More specifically, our server uses SSL (Secure Sockets Layer) security protection by encrypting your Personal Data to prevent individuals from reading these Data as they travel over the Internet.
5. Retention of Your Personal Data
The length of time we retain Personal Data outside our back up system varies depending on the purpose for which it was collected and used, as follows:
Data you provide to us when subscribing for our services: while user remains active, stored in the UK.
Country Location data: while user remains active, stored in the UK.
Data on your preferences: while user remains active, stored in the UK.
IP address login: until subsequent login from a new IP, stored in the UK.
Push notification tokens: 12 months or until deactivation or expiry, stored in the UK.
Except where prohibited by law, this period may extend beyond the end of the particular relationship with us but only for so long as we are contractually bound to do so, or so far as is necessary for audit or other accounting purposes. When Personal Data are no longer needed we have procedures either to destroy, delete, erase or convert it to an anonymous form.
After you have terminated your use of our Services, we reserve the right to maintain your Personal Data as part of our standard back up procedures in an aggregated format.
6. Storage of Personal Data
If you reside in the EU, IWallet stores your Personal Data at secure locations in the EU. IWallet has ensured that appropriate security standards are in place regarding the safeguarding, confidentiality and security of Data.
The information that we collect from you will be transferred to, and stored in, destinations outside of your country and the European Economic Area ("EEA") as described below:
Adequacy Decision: The personal data that we collect from you will be transferred to, and stored at/processed in, the UK via encrypted communications channels and stored on hardware owned by IWallet for the purpose of operation of Services and disaster recovery, which were found to have an adequate level of protection for personal data under Commission Decision 2000/518/EC of 26 July 2000.
Model Clauses: The personal data that we collect from you will be transferred to, and stored at/processed in the UK via encrypted communications channels and stored on hardware owned by IWallet for the purpose of operation of Services and disaster recovery, under the Commission’s model contracts for the transfer of personal data to third countries (i.e., the standard contractual clauses), pursuant to Decision 2010/87/EU.
Privacy Shield: The personal data that we collect from you will be transferred to, and stored at/processed by, IWallet which complies with the US Department of Commerce's EU-US Privacy Shield and Swiss–US Privacy Shield and has certified that we adhere to the EU-US Privacy Shield Principles of Notice, Choice, Accountability for Onward Transfer, Security, Data Integrity and Purpose Limitation, Access, and Recourse, Enforcement and Liability. For more information about the EU-US Privacy Shield Framework and Swiss-US Privacy Shield Framework, visit the U.S. Department of Commerce's Privacy Shield website.
7. Your Rights
If you are a user of the Services located in the EU, in certain circumstances, you have the right to access and receive a copy of information we hold about you, to rectify any personal data held about you that is inaccurate and to request the deletion of personal data held about you. Any access request after the first such request by you may be subject to a reasonable fee to meet our costs in providing you with details of the information we hold about you. You also have the right to data portability for information you provide to us – this means that you can obtain a copy of your data in a commonly used electronic format so that you can manage and move it. You may have the right to restrict or object to the processing of your personal data by us. You can exercise your rights by contacting us at firstname.lastname@example.org.
By using the Services, you signify your agreement to this Policy. IWallet reserves the right to change this Policy at any time. If we make any material changes to this Policy the revised Policy will be posted here and notified to our users at least 30 days prior to the changes taking effect, so that you are always aware of what information we collect, how we use it and under what circumstances we disclose it. Please check this page frequently to see any updates or changes to this Policy.
9. Questions and Complaints
Any questions about this policy, the collection, use and disclosure of Personal Data by IWallet or access to your Personal Data which is required by law (or would be so subject had the storage in question taken place in a relevant EU member state if the case may be but not otherwise) to be disclosed should be directed to email@example.com.
In the event that you wish to make a complaint about how we process your personal data, please contact us in the first instance firstname.lastname@example.org and we will endeavor to deal with your request as soon as possible. This is without prejudice to your right to launch a claim with the data protection supervisory authority in the country in which you live or work where you think we have infringed data protection laws.