Certhis Privacy Policy

Cert Technology Ltd. ("Company" “we”, “us”, or “our”) is committed to protecting your privacy, this policy describes our practices regarding Personal Data (as defined below) that we may collect, use, and share in connection with the Company website, mobile app, and other software provided on or in connection with our services, as described in our Terms of Use (collectively, the “Service”). Where this Privacy Policy uses the term “NFT” it means a non-fungible token or similar digital item implemented on a blockchain (such as the Ethereum blockchain), which uses smart contracts to link to or otherwise be associated with certain content or data.

1. Types of Data We Collect.

“Personal Data” means data that allows someone to identify you individually, including, for example, your name, email address, as well as any other non-public information about you that is associated with or linked to any of the foregoing. “Anonymous Data” means data, including aggregated and de-identified data, from which you cannot be readily identified. We collect Personal Data and Anonymous Data as described below.

a. Information You Provide Us.

I. When you use our Service, update your account profile, or contact us, we may collect Personal Data from you, such as email address, first and last name, user name, and other information you provide. We also collect your blockchain address when you provide it to us as part of configuring your instance of the Services, which may become associated with Personal Data as you use the Services after that point.
II. Our Service lets you store user preferences, for example: how your content is displayed, notification settings, and favorites. We may associate these choices with your ID, browser, or mobile device.
III. If you provide us with feedback or contact us, we will collect your name and contact information, as well as any other content included in the message.
IV. We may also collect Personal Data at other points in our Service where you voluntarily provide it or where we state that Personal Data provided in a particular process is being collected.

b. Information Collected via Technology.

As you navigate through and interact with our Service, we may use automatic data collection technologies to collect certain information about your equipment, browsing actions, and patterns, including:
I. Information Collected by Our Servers. To provide our Service and make it more useful to you, we (or a third party service provider) collect information from you, including, but not limited to, your browser type, operating system, Internet Protocol (“IP”) address, mobile device ID, blockchain address, wallet type, and date/time stamps.
II. Log Files. As is true of most websites and applications, we gather certain information automatically and store it in log files. This information includes IP addresses, browser type, Internet service provider (“ISP”), referring/exit pages, operating system, date/time stamps, and clickstream data. We use this information to analyze trends, administer the Service, track users’ movements around the Service, and better tailor our Services to our users’ needs. For example, some of the information may be collected so that when you visit the Service, it will recognize you and the information can be used to personalize your experience.
III. Cookies. Like many online services, we use cookies to collect information. We may use both session Cookies (which expire once you close your web browser) and persistent Cookies (which stay on your computer until you delete them) to analyze how users interact with our Service, make improvements to our product quality, and provide users with a more personalized experience. For more information about the cookies we use and how to manage them, please review the Cookie Policy on our website.
IV. Pixel Tag. In addition, we use “Pixel Tags” (also referred to as clear Gifs, Web beacons, or Web bugs). Pixel Tags allow us to analyze how users find our Service, make the Service more useful to you, and tailor your experience with us to meet your particular interests and needs.
V. How We Respond to Do Not Track Signals. OOur systems do not currently recognize “do not track” signals or other mechanisms that might enable Users to opt out of tracking on our site.
VI. Analytics Services. In addition to the tracking technologies, we place like Cookies and Pixel Tags, other companies may set their own cookies or similar tools when you visit our Service. This includes third-party analytics services (“Analytics Services”) that we engage to help analyze how users use the Service. The information generated by the Cookies or other technologies about your use of our Service (the “Analytics Information”) is transmitted to the Analytics Services. The Analytics Services use Analytics Information to compile reports on user activity, which we may receive on an individual or aggregate basis. We use the information we get from Analytics Services to improve our Service. The Analytics Services may also transfer information to third parties where required to do so by law, or where such third parties process Analytics Information on their behalf. Each Analytics Services’ ability to use and share Analytics Information is restricted by such Analytics Services’ terms of use and privacy policy. By using our Service, you consent to the processing of data about you by Analytics Services in the manner and for the purposes set out above.

c. Information Collected from Third-Party Companies.

We may receive Personal and/or Anonymous Data about you from companies that offer their products and/or services for use in conjunction with our Service or whose products and/or services may be linked from our Service. For example, third-party wallet providers provide us with your blockchain address and certain other information you choose to share with those wallets' providers. We may add this to the data we have already collected from or about you through our Service.

d. Public Information Observed from Blockchains.

We collect data from activity that is publicly visible and/or accessible on blockchain networks with which you may interact as you use the Service. This may include blockchain addresses and information regarding purchases, sales, or transfers of NFTs, which may then be associated with other data you have provided to us. Provision of this kind of data by users of blockchain networks is typically necessary to enable those networks to collect and record the transaction information necessary for them to function. The collection of that data is configured by the third party which originated the relevant network and we are unable to change or amend the way that any individual network operates or records transaction data.

2. Use of Your Personal Data.

a. We process your Personal Data to run our business, provide the Service, personalize your experience on the Service, and improve the Service. Specifically, we use your Personal Data to:

I. facilitate the creation of and secure your account;
II. identify you as a user in our system;
III. provide you with our Service, including, but not limited to, helping you view, explore, and create NFTs using our tools and, at your own discretion, connect directly with others to purchase, sell, or transfer NFTs on public blockchains;
IV. improve the administration of our Service and quality of experience when you interact with our Service, including, but not limited to, by analyzing how you and other users find and interact with the Service;
V. provide customer support and respond to your requests and inquiries;
VI. investigate and address conduct that may violate our Terms of Service;
VII. detect, prevent, and address fraud, violations of our terms or policies, and/or other harmful or unlawful activity;

VIII. display your username next to the NFTs currently or previously accessible in your third-party wallet, and next to NFTs on which you have interacted;
IX. send you a welcome email to verify ownership of the email address provided when your account was created;
X. send you administrative notifications, such as security, support, and maintenance advisories;
XI. send you notifications related to actions on the Service, including notifications of offers on your NFTs;
XII. send you newsletters, promotional materials, and other notices related to our Services or third parties' goods and services;
XIII. respond to your inquiries related to employment opportunities or other requests;
XIV. comply with applicable laws, cooperate with investigations by law enforcement or other authorities of suspected violations of law, and/or to pursue or defend against legal threats and/or claims; and
XV. act in any other way we may describe when you provide the Personal Data.

b. We may create Anonymous Data records from Personal Data. We use this Anonymous Data to analyze request and usage patterns so that we may improve our Services and enhance Service navigation. We reserve the right to use Anonymous Data for any purpose and to disclose Anonymous Data to third parties without restriction.

3. Disclosure of Your Personal Data.

We disclose your Personal Data as described below and as described elsewhere in this Privacy Policy.

a. Third Party Service Providers.

We may share your Personal Data with third party service providers to: provide technical infrastructure services; conduct quality assurance testing; analyze how our Service is used; prevent, detect, and respond to unauthorized activities; provide technical and customer support; and/or to provide other support to us and to the Service.

b. Affiliates.

We may share some or all of your Personal Data with any subsidiaries, joint ventures, or other companies under our common control (“Affiliates”), in which case we will require our Affiliates to honor this Privacy Policy.

c. Corporate Restructuring.

We may share some or all of your Personal Data in connection with or during negotiation of any merger, financing, acquisition, or dissolution transaction or proceeding involving sale, transfer, divestiture, or disclosure of all or a portion of our business or assets. In the event of an insolvency, bankruptcy, or receivership, Personal Data may also be transferred as a business asset. If another company acquires our company, business, or assets, that company will possess the Personal Data collected by us and will assume the rights and obligations regarding your Personal Data as described in this Privacy Policy.

d. Legal Rights.

Regardless of any choices you make regarding your Personal Data (as described below), Company may disclose Personal Data if it believes in good faith that such disclosure is necessary: (a) in connection with any legal investigation; (b) to comply with relevant laws or to respond to subpoenas, warrants, or other legal process served on Company; (c) to protect or defend the rights or property of Company or users of the Service; and/or (d) to investigate or assist in preventing any violation or potential violation of the law, this Privacy Policy, or our Terms of Service.

e. Other Disclosures.

We may also disclose your Personal Data: to fulfill the purpose for which you provide it; for any other purpose disclosed by us when you provide it; or with your consent.

4. Third-Party Websites.

Our Service may contain links to third-party websites. When you click on a link to any other website or location, you will leave our Service and go to another site, and another entity may collect Personal Data from you. We have no control over, do not review, and cannot be responsible for these third-party websites or their content. Please be aware that the terms of this Privacy Policy do not apply to these third-party websites or their content, or to any collection of your Personal Data after you click on links to such third-party websites. We encourage you to read the privacy policies of every website you visit. Any links to third-party websites or locations are for your convenience and do not signify our endorsement of such third parties or their products, content, or websites.

5. Third-Party Wallets.

To use our Service effectively, you will also need to a digital wallet provided by a third-party (many such services are available and we do not recommend or require any particular vendor) which allows you to engage in transactions on public blockchains. Your interactions with any third-party wallet provider will be governed by the applicable terms of service and privacy policy of that third party, and you should read them carefully to ensure that you understand how they are likely to process your data. Please note that we are unlikely to be able to assist you with any queries or concerns that you may have which relate to processing of your Personal Data by the provider of a digital wallet.

6. Your Choices Regarding Information.

You have several choices regarding the use of information on our Services:

a. Where you have subscribed to receive them we may periodically send you newsletters and/or emails that directly promote the use of our Service or third parties’ goods and services. When you receive newsletters or promotional communications from us, you may indicate a preference to stop receiving these communications from us by following the unsubscribe instructions provided in the email you receive. Despite these preferences, we may send you occasional transactional service-related informational communications.

b. If you decide at any time that you no longer wish to accept Cookies from our Service for any of the purposes described above, then you can instruct your browser, by changing its settings, to stop accepting Cookies or to prompt you before accepting a Cookie from the websites you visit or to use our Cookie manger included in our Cookie Policy. If you do not accept any Cookies, including functionality Cookies which our site uses to operate, then you may not be able to use all portions of the Service or all functionality of the Service.

7. Data Access and Control.

You can view, access, edit, or delete your Personal Data for certain aspects of the Service via your Settings page. You may also have certain additional rights:

a. If you are a user in the European Economic Area or United Kingdom, you have certain rights under the respective European and UK General Data Protection Regulations (“GDPR”). These include the right to (i) request access and obtain a copy of your personal data; (ii) request rectification or erasure; (iii) object to or restrict the processing of your personal data; and (iv) request portability of your personal data. Additionally, if we have collected and processed your personal data with your consent, you have the right to withdraw your consent at any time. For more information about your rights under the GDPR, please visit our GDPR Privacy Notice to European Residents in Addendum I below.

b. If you are a California resident, you have certain rights under the California Consumer Privacy Act (“CCPA”). These include the right to (i) request access to, details regarding, and a copy of the personal information we have collected about you and/or shared with third parties; (ii) request deletion of the personal information that we have collected about you; and (iii) the right to opt-out of sale of your personal information. As the terms are defined under the CCPA, we do not “sell” your “personal information.”

c. If you wish to exercise your rights under the GDPR, CCPA, or other applicable data protection or privacy laws, please contact us by using the “Submit a request” at the address provided in Section 13 below, specify your request, and reference the applicable law. We may ask you to verify your identity, or ask for more information about your request. We will consider and act upon any above request in accordance with applicable law. We will not discriminate against you for exercising any of these rights.

d. Notwithstanding the above, we cannot edit or delete any information that is stored on a blockchain, for example the Ethereum blockchain, as we do not have custody or control over any individual blockchain network. As noted above, the information stored on a blockchain may include purchases, sales, and transfers related to your blockchain address and NFTs held at that address and is usually necessary to enable that blockchain to operate. As such, you should only engage in transactions using a blockchain network where you are happy for a permanent record of them to be made and kept.

8. Data Retention.

We may retain your Personal Data as long as you continue to use the Service, have an account with us, or for as long as is necessary to fulfill the purposes outlined in this Privacy Policy. We may continue to retain your Personal Data even after you deactivate your account and/or cease to use the Service if such retention is reasonably necessary to comply with our legal obligations, to resolve disputes, prevent fraud and abuse, enforce our Terms or other agreements, and/or protect our legitimate interests. Where your Personal Data is no longer required for these purposes, we will delete it (but please note that this does not apply to Personal Data which you have permitted to be stored on a blockchain network).

9. Data Protection.

Company implements reasonable and appropriate physical, administrative and technical safeguards to help us protect your personal data from unauthorized access, use and disclosure, and to maintain accuracy and ensure the appropriate use of your information. Where appropriate, these safeguards include encryption. However, no data transmissions over the Internet can be guaranteed to be 100% secure. Consequently, we cannot ensure or warrant the security of any information you transmit to us and you do so at your own risk. We believe that we have put in place appropriate physical, electronic, and managerial procedures to help safeguard and help prevent unauthorized access, maintain data security, and correctly use the information we collect online. In the event that any information under our custody and control is compromised as a result of a breach of security, we will take steps to investigate and remediate the situation and, in accordance with applicable laws and regulations, notify those individuals whose information may have been compromised. For avoidance of doubt, you are responsible for the security of your digital wallet, and we urge you to take steps to ensure it is and remains secure. If you discover an issue related to your wallet, please contact your wallet provider.

10. Minors.

We do not intentionally gather Personal Data from visitors who are under the age of 13. Our Terms of Service require all users to be at least 18 years old. If a child under 13 submits Personal Data to Company and we learn that the Personal Data is the information of a child under 13, we will attempt to delete the information as soon as possible. If you believe that we might have any Personal Data from a child under 13, please contact us at the address indicated in Section 13 below.

11. Users Outside of the United Kingdom.

If you are a non-UK user of the Service, by visiting the Service and providing us with data, you acknowledge and agree that your Personal Data may be processed for the purposes identified in the Privacy Policy. In addition, your Personal Data may be processed in the country in which it was collected and/or it may be transferred to, stored and processed in other countries, where laws regarding processing of Personal Data may be less stringent than the laws in your country. As a result, where the personal data that we collect through or in connection with the Services is processed in other countries, we will take steps to ensure that the information receives the same level of protection as if it remained within your home country. By providing your Personal Data, you consent to such transfer.

12. Changes to This Privacy Policy.

This Privacy Policy may be updated from time to time for any reason. We will notify you of any changes to our Privacy Policy by posting the new Privacy Policy at www.certhis.io . The date the Privacy Policy was last revised is identified at the end of this Privacy Policy. You are responsible for periodically visiting our Service and this Privacy Policy to check for any changes.

13. Questions; Contacting; Reporting Violations.

If you have any questions or concerns or complaints about our Privacy Policy or our data collection or processing practices, or if you want to report any security violations to us, please contact us at [email protected].

Addendum I -- GDPR Privacy Notice to European Residents

If you are a resident of the European Union ("EU"), United Kingdom, Lichtenstein, Norway, or Iceland, you may have additional rights under the EU General Data Protection Regulation (the "GDPR") with respect to your Personal Data, as outlined in this GDPR Addendum (the "GDPR Addendum").

For this GDPR Addendum, we use the terms "Personal Data" and "processing" as they are defined in the GDPR, but "Personal Data"generally means information that can be used to identify a person, and "processing" generally refers to actions that can be performed on data such as its collection, use, storage or disclosure.

The Company will usually be the controller of your Personal Data processed in connection with the Services. Note that we may also process Personal Data of our customers' end users or employees in connection with our provision of certain services to customers, in which case we may be the processor of Personal Data. If we are the processor of your Personal Data (i.e., not the controller), please contact the controller party in the first instance to address your rights with respect to such data.

Where applicable, this GDPR Addendum is intended to supplement, and not replace, our Privacy Policy. If there are any conflicts between the GDPR Addendum and the other parts of the Privacy Policy, and you are a resident of the EU, United Kingdom, Lichtenstein, Norway, or Iceland, the provision that is more protective of Personal

Data shall control to the extent of such conflict. If you have any questions about this section or whether any of the following rights apply to you, please contact us at [email protected].

1.Types of Personal Data we Collect

We currently collect and otherwise process the kinds of Personal Data listed above in Section 1 of our Privacy Policy.

2. How we Get the Personal Data and why we Have it

We receive the Personal Data in the ways and for the purposes listed above in Section in Section 1 of our Privacy Policy. We will only process your Personal Data if we have a lawful basis for doing so. Under the GDPR, the lawful bases we rely on for processing this information are:

a. Your Consent

In some cases, we process Personal Data based on the consent you expressly grant to us at the time we collect such data. When we process Personal Data based on your consent, it will be expressly indicated to you at the point and time of collection. You can remove your consent at any time. You can do this by contacting us via email at [email protected] with the subject line "GDPR Request."

b. We Have a Contractual Obligation

We process certain categories of Personal Data as a matter of "contractual necessity", meaning that we need to process the data to perform under our Terms of Use with you, which enables us to provide you with the Services. When we process data due to contractual necessity, failure to provide such Personal Data will result in your inability to use some or all portions of the Services that require such data. These categories of Personal Data are:

I. Profile or Contact Data

II. Device/IP Data

III. Geolocation Data

IV. Mobile no.

c .We Have a Legitimate Interest

We process the following categories of Personal Data when we believe it furthers the legitimate interest of us or third parties:

I. Profile or Contact Data

II. Device/IP Data

III. Geolocation Data

IV. Mobile no.

Our legitimate interests are:

Information Security: We process contact information, and the information collected through cookies and when you use the Services in order to maintain an audit log of activities performed. We use this information pursuant to our legitimate interests in tracking usage, combating DDOS or other attacks, and removing or defending against malicious individuals or programs.

Operation and Improvement of our Services: We process server log information and information collected through cookies pursuant to our legitimate interest in operating and improving our Services.

Audience Measurement and Retargeting: Pursuant to a user's consent, we use analytics cookies, and collect identifiers through such cookies, for purposes of audience measurement, analytics, audience reaction to the Services, and creating relevant user experiences.

General Business Development and Management: We process Personal Data pursuant to our legitimate interest in creating and managing our business relationships with European Individuals, including without limitation:

a. To respond to inquiries from European Individuals;

b. To provide European Individuals with information about our products and services; and

c. To assist European Individuals with any issues while using the Services.

Direct Marketing: Generally, we send email marketing to European Individuals pursuant to their consent. When you use the Website, email marketing may be sent to you pursuant to our legitimate interest in sending marketing communications to you in the context of such engagement.

Protection of Rights: We may also disclose Personal Data to respond to claims of violation of third party rights or to enforce and protect our rights.

d. We Have a Legal Obligation

We may be required to disclose Personal Data in response to lawful requests by public authorities, including for the purpose of meeting national security or law enforcement requirements. We may also disclose Personal Data to other third parties when compelled to do so by government authorities or required by law or regulation including, but not limited to, in response to court orders and subpoenas.

3. How we Share Your Personal Data

Sections 2-3 of the Privacy Policy explain how we share your Personal Data with third parties.

4. How we Store and Protect Your Personal Data

Section 9 of the Privacy Policy explains how we protect your Personal Data. If you have reason to believe that your interaction with us is no longer secure, please immediately notify us via email at [email protected]

5. Your Data Protection Rights

You have certain rights with respect to your Personal Data, including those set forth below. For more information about these rights, or to submit a request, please email us at [email protected]. You are not required to pay any charge for exercising your rights. If you make a request, we have one month to respond to you. Please note that in some circumstances, we may not be able to fully comply with your request, such as if it is frivolous or extremely impractical, if it jeopardizes the rights of others, or if it is not required by law, but in those circumstances, we will still respond to notify you of such a decision. In some cases, we may also need you to provide us with additional information, which may include Personal Data, if necessary to verify your identity and the nature of your request.

a. Right of access: You can request more information about the Personal Data we hold about you and request a copy of such Personal Data. Users of Company's dashboard can also access certain of your Personal Data by logging on to your account.

b. Right to rectification: If you believe that any Personal Data we are holding about you is incorrect or incomplete, you can request that we correct or supplement such data. Users of Company's dashboard can also correct some of this information (for example, email address) directly by logging on to your account.

c. Right to erasure: You can request that we erase some or all of your Personal Data from our systems.

d. Right to restriction of processing: You have the right to ask us to restrict the processing of your Personal Data.

e. Right to object to processing: You have the the right to object to the processing of your Personal Data in certain circumstances.

f. Right to data portability: You can ask for a copy of your Personal Data in a machine-readable format. You can also request that we transmit the data to another controller where technically feasible.

g. Right to withdraw consent: If we are processing your Personal Data based on your consent (as indicated at the time of collection of such data), you have the right to withdraw your consent at any time. Please note, however, that if you exercise this right, you may have to then provide express consent on a case-by-case basis for the use or disclosure of certain of your Personal Data, if such use or disclosure is necessary to enable you to utilize some or all of our Services.

h. Objecting to Legitimate Interest/Direct Marketing: You may object to Personal Data processed pursuant to our legitimate interest. In such case, we will no longer process your Personal Data unless we can demonstrate appropriate, overriding legitimate grounds for the processing or if needed for the establishment, exercise, or defense of legal claims. You may also object at any time to processing of your Personal Data for direct marketing purposes by clicking "Unsubscribe" within an automated marketing email or by submitting your request to [email protected] with the subject line "GDPR Request." In such case, your Personal Data will no longer be used for that purpose.

6 . How to Complain

If you have any concerns about our use of your Personal Data, you can make a complaint to us at [email protected] with the subject line "GDPR Request." You also have the right to lodge a complaint about the processing of your personal data with a supervisory authority of the European state where you work or live or where any alleged infringement of data protection laws occurred. A list of most of the supervisory authorities can be found here: http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.html

7.Corporate Restructuring

In the event of a merger, reorganization, dissolution, or similar corporate event, or the sale of all or substantially all of our assets, the information that we have collected, including Personal Data, may be transferred to the surviving or acquiring entity. All such transfers shall be subject to our commitments with respect to the privacy and confidentiality of such Personal Data as set forth in this GDPR Addendum.

8. Transfers of Personal Data

The Services are hosted and operated in the United States ("U.S.") through Company and its service providers, and if you do not reside in the U.S., laws in the U.S. may differ from the laws where you reside. By using the Services, you acknowledge that any Personal Data about you, regardless of whether provided by you or obtained from a third party, is being provided to Company in the U.S. and will be hosted on U.S. servers, and you authorize Company to transfer, store and process your information to and in the U.S., and possibly other countries. You hereby consent to the transfer of your data to the U.S. pursuant to a data processing agreement incorporating the modernized standard contractual clauses for the transfer of Personal Data to third countries promulgated by the European Commission on 4 June 2021, a copy of which can be obtained at https://ec.europa.eu/info/law/law-topic/data-protection/international-dimension-data-protection/standard-contractual-clauses-scc_en

9. Updates to this GDPR Addendum

If, in the future, we intend to process your Personal Data for a purpose other than that which it was collected, we will provide you with information on that purpose and any other relevant information at a reasonable time prior to such processing. After such time, the relevant information relating to such processing activity will be revised or added appropriately within this GDPR Addendum, and the "Effective Date" at the bottom of this page will be updated accordingly.

10. Our Contact Information

Please reach out to [email protected] for any questions, complaints, or requests regarding this GDPR Addendum, and include in the subject line "GDPR Request."

Last Update 16/07/2023