Version 1.0. – Last updated on October 15, 2021
“Personal Data” means any information relating to an identified or identifiable natural person (data subject); an identifiable natural person is one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.
“Processing” means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organisation, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure or destruction.
The Website is an interface allowing you to purchase digital collectibles (“NFT”). NFT are running on the Ethereum Network, using specially developed smart contracts (hereinafter each a “Smart Contract”). The Website and Smart Contract are collectively referred to as “Application”. When you visit our Website, use our Services and/or Application or otherwise interact with us, you are trusting us with your Personal Data. We herewith would like to inform you how this Personal Data is used, to whom it is transferred and what rights you have in connection with the processing of your Personal Data.
1. Name and Address of Data Controller
“Data Controller” means the natural or legal person, public authority, agency or other body which, alone or jointly with others, determines the purposes and means of the processing of Personal Data; where the purposes and means of such processing are determined by Union or Member State law, the Data Controller or the specific criteria for its nomination may be provided for by Union or Member State law.
When we process your Personal Data as described herein, we independently determine the purposes and means of processing your Personal Data and do not act on behalf of any third party. This means that we are fully responsible for implementing appropriate technical and organizational measures to ensure and to demonstrate that our processing activities are compliant with the requirements under the applicable data protection regulation.
Hence, the Data Controller within the meaning of GDPR and other national data protection laws and regulations that determine the purposes and means of processing personal data is:
Unpaired Ltd (in incorporation), c/o Wadsack Zug AG, Bahnhofstrasse 7, 6300 Zug, Switzerland
Our data protection coordinator can be contacted at:
Email address: firstname.lastname@example.org
2. Scope and Purpose of Processing Personal Data
In case you decide to access and/or use the Website and/or Application to purchase an NFT according to our Terms & Conditions of Sale and Use, we process your Personal Data based on this contractual relationship to (i) perform our pre-contractual and contractual rights and obligations towards you, (ii) provide you with the Website and the Application and (iii) enabling you to use the Services and features on our Website and/or the Application (as further described in the Terms & Conditions of Sale and Use.
3. Legal Basis of Processing Personal Data
If you give us your consent to the processing of Personal Data, art. 6 (1) (a) GDPR serves as the legal basis for the processing.
If the processing of Personal Data is necessary for the performance of a contract to which you are party, such as the Terms & Conditions of Sale and Use, art. 6 (1) (b) GDPR serves as the legal basis for the processing. This also applies to processing operations that are necessary to carry out pre-contractual measures.
If the processing of Personal Data is necessary for compliance with legal obligation to which we are subject, art. 6 (1) (c) GDPR serves as the legal basis for the processing.
If the processing of Personal Data is necessary to protect the vital interests of the data subject or another natural person, art. 6 (1) (d) GDPR serves as the legal basis for the processing.
If the processing of Personal Data is necessary for the purposes of the legitimate interests pursued by us or a third party and where such interests are not overridden by the interests, fundamental rights and freedoms of the data subject which require protection of Personal Data, art. 6 (1) (f) GDPR serves as the legal basis for the processing.
4. Data Storage, Data Retention and Deletion
Your Personal Data will be erased or blocked as soon as it is no longer necessary in relation of the purpose of storage. Furthermore, Personal Data may be stored if this has been required by regulations, laws or other provisions to which we are subject. The Personal Data will also be blocked or erased if a storage period prescribed by the aforementioned standards expires, unless there is a need for further storage of the data for the conclusion or performance of a contract.
If your Personal Data is saved on the publicly accessible Ethereum blockchain, we cannot be responsible for your Personal Data and information, since we do not control the Ethereum network and cannot order deletion of your Personal Data and information. In so far, your right to be forgotten, as far as applicable and as defined further below in Section XII, is restricted.
Every time you visit our Website, our system automatically collects following data and information from the computer system of the calling computer:
The data is also stored in the log files of our system but is not stored together with other Personal Data of you.
The collection and processing of this data is carried out with the purpose of enabling the use of our Website, to guarantee system security and stability in the long term and to enable the optimization of our Website and Internet offer.
The temporary storage of your IP address is necessary to enable the Website to be delivered to your system. An evaluation of the data for marketing purposes does not take place in this context. The legal basis for the temporary storage of Personal Data and log files is art. 6 (1) (f) GDPR.
The Personal Data will be erased as soon as it is no longer necessary to achieve the purpose for which it was collected. In the case of the collection of data for the provision of the Website, the data will be deleted when the respective session has ended.
If the Personal Data is stored in log files, it will be deleted after seven days at the latest. Further storage is possible. In this case, the IP addresses of the Users are deleted or alienated so that the calling client can no longer be assigned.
The collection of Personal Data for the provision of our Website and the storage of Personal Data in log files is absolutely necessary for the operation of the Website. Consequently, there is no possibility of objection.
We use Google Analytics to gather information about your use of our website and analyse data to help us maintain and improve our website.Click here to opt out of Google Analytics cookies. The information generated by Cookies about your use of this Website is usually transferred to a Google server in the USA and stored there. Google reserves the right to use these Cookies or the corresponding data for its own purposes, namely, to follow and investigate the use of this application, to generate reports on its activities and to pass these on to other Google services. Google may use the information collected to contextualise and personalise the ads in its own advertising network.
So-called social media plugins (“Social Media Plugins“), in particular the button/link of Instagram (a service of Facebook Inc., 1601 S. California Ave, Palo Alto, CA 94304, USA), the Twitter button/link of Twitter, Inc., 1355 Market Street, Suite 900, San Francisco, CA 94103 USA and Discord button/link of Discord Inc., 444 De Haro Street, #200, San Francisco, CA 94107, USA may be integrated on certain web pages of our Website (“Social Media Platforms“).
Social Media Plugins from other Social Media Platforms may be used on our Website (e.g., when you use the community section on our Website).
When you call up a page of our Website that contains such a Social Media Plugin, your browser establishes a direct connection to the servers of the respective Social Media Platform. The content of the Social Media Plugin is transmitted directly to your browser and integrated into the page. Through this integration, the Social Media Platform operator receives the information that your browser has called up the corresponding page of our Website, even if you do not have a profile on the respective Social Media Platform or are not currently logged in. This information (including your IP address) is transmitted by your browser directly to a server of the platform operator, which may be located in the USA, and stored there.
If you are logged in to the respective Social Media Platform, your visit to our Website can be directly assigned to your profile on the Social Media Platform. If you interact with the Social Media Plugins, for example by clicking the Instagram button, this information is also transmitted directly to a server of the platform operator and stored there. If you wish to prevent this, please log out of your Social Media Accounts before visiting our Website.
We have no influence on the data that Instagram, Twitter or Discord and any other Social Media Platform operators collect on the basis of their Social Media Plugins. The purpose and scope of the data collection and the further processing and use of the data by Instagram, Twitter or Discord as well as your rights and settings options in this regard to protect your privacy, can be found in the data protection notices of the respective providers:
In order to increase the protection of your data when visiting our Website, the Social Media Plugins are not integrated into the page without restriction, but only using an HTML link (so-called "Shariff solution" from c't). This integration ensures that when you call up a page of our Website that contains such Social Media Plugins, no connection is established with the servers of the provider of the respective social network. If you click on one of the buttons, a new window of your browser opens and calls up the page of the respective service provider on which you can (if necessary after entering your login data) e.g. click on the Like or Share button. The purpose and scope of the data collection and the further processing and use of the data by the providers on their pages as well as your rights in this regard and setting options for protecting your privacy can be found in the data protection notices of the respective providers.
In addition, you can completely prevent the loading of the Social Media Plugins with add-ons for your browser, such as the script blocker "NoScript", which can be downloaded here.
Our Website uses functions of the Google Analytics web analysis services of Google LLC, 1600 Amphitheatre Parkway, Mountain View, CA 94043 USA (“Google”).
The processing of your Personal Data enables us to analyse your surfing behaviour. We are in a position to compile information about the use of the individual components of our Website by evaluating the data obtained. This helps us to continuously improve our Website and its user-friendliness. For these purposes, it is also in our legitimate interest to process the Personal Data within the meaning of art. 6 (1) (f) GDPR.
We use Google Analytics to gather information about your use of our website and analyse data to help us maintain and improve our website. Click here to opt out of Google Analytics cookies. The information generated by Cookies about your use of this Website is usually transferred to a Google server in the USA and stored there.
Google reserves the right to use these Cookies or the corresponding data for its own purposes, namely, to follow and investigate the use of this application, to generate reports on its activities and to pass these on to other Google services. Google may use the information collected to contextualise and personalise the ads in its own advertising network.
The use of Google Analytics is based solely on your consent. You can withdraw your consent at any time. The withdrawal of your consent shall not affect the lawfulness of processing based on consent before its withdrawal.
The Personal Data collected by Google is:
The Personal Data collected by Google is usually transferred to a Google server in the USA and stored there. We have activated the "anonymizeIP" function on this Website. This means that your IP address is shortened by Google within member states of the European Union or the European Economic Area before being transmitted to the USA. Only in exceptional cases will the full IP address be transmitted to a Google server in the USA and shortened there. According to Google, the transmitted IP address will not be associated with any other Personal Data.
If you decide to access the Application and purchase an NFT through our Application, we collect and process the following Personal Data of you:
In case you decide to access and/or use the Website and/or Application to purchase an NFT according to our Terms & Conditions of Sale and Use, we process your Personal Data based on this contractual relationship and to perform our pre-contractual and obligations towards you. The legal basis for the processing is art. 6 (1) (b) GDPR. In particular, the collection and processing of your PuK is necessary in order to perform our contractual obligations under the Terms & Conditions of Sale and Use (such as to transfer ownership of your NFT purchased by you to your Ethereum wallet address) and is based on art. 6 (1) (b) GDPR.
As your PuK is saved on the publicly accessible Ethereum blockchain, we cannot be responsible for retention and deletion of your PuK, since we do not control the Ethereum network. In so far, your right to be forgotten, as far as applicable and as defined further below in Section XII, is in this regard restricted.
The collection and processing of your IP address used by your system is necessary to verify if you adhere to our Terms & Conditions of Sale and Use. Pursuant to Section 3 of the Terms and Conditions of Sale and Use, you are not allowed to buy an NFT if the country you are resident of, citizen of, or located in does not allow the access to the Application and/or the purchase of an NFT.
Generally, we delete your IP address one year after the NFT sale was concluded. However, in case we are permitted or required under applicable laws, for legal, tax or regulatory reasons, we may retain your IP address for a longer period of time. In such case, the legal basis for the processing is art. 6 (1) (c) GDPR.
There is an option on our Website to put your email address on a contact list. This contact form on our Website can be used for electronic contact. If you take advantage of this possibility, the following data entered in the contact form will be transmitted to us and will be stored:
At the time your email address is sent, the following data is stored in addition:
Your consent is obtained for the processing of the Personal Data. Alternatively, you can contact us via the e-mail address provided. In this case, your Personal Data transmitted by e-mail will be stored. Your Personal Data is used exclusively for processing the conversation. If you contact us by e-mail, you can object to the storage of your Personal Data at any time. In this case, the conversation cannot be continued.
The legal basis for the processing of data is art. 6 (1) (a) GDPR if you have given us your consent.
The legal basis for the processing of Personal Data transmitted in the course of sending an e-mail is art. 6 (1) (f) GDPR. If the e-mail contact aims at the conclusion of a contract, then the additional legal basis for the processing is art. 6 (1) (b) GDPR.
The data will be erased as soon as it is no longer necessary to achieve the purpose for which it was collected.
You can subscribe to a free newsletter on our Website. Our newsletter primarily contains information about us, our Services, features, information about services related to the Application or envisaged plans and marketing information.
When you register for the newsletter, we collect and process the following Personal Data from the input mask transmitted to us:
In addition, the following data is collected upon registration:
The consent is based on the so-called double opt-in procedure. This means that after registration you will receive an email asking you to confirm your registration. This confirmation is necessary so that no one can register with a foreign e-mail address. The collection of your e-mail address serves to send the newsletter. The collection of other Personal Data as part of the registration process serves to prevent misuse of the services or the e-mail address.
The data will be erased as soon as it is no longer necessary to achieve the purpose for which it was collected. Your email address will therefore be stored for as long as the subscription to the newsletter is active. The other Personal Data collected during the registration process will generally be deleted after a period of seven days.
The subscription to the newsletter can be cancelled by you at any time. For this purpose, there is a corresponding link in every newsletter. This also makes it possible to withdraw the consent to the storage of Personal Data collected during the registration process.
We use and have integrated Mailchimp, a newsletter tool provided by Rocket Science Group, LLC, 675 Ponce De Leon Ave NE #5000, Atlanta, GA 30308, USA («Rocket Science Group») for the collection of email addresses in order to dispatch our newsletters.
We have concluded a data processing agreement with Rocket Science Group in order to implement the strict requirements of GDPR and FADP when using Mailchimp.
The Personal Data entered in the input mask when registering for the newsletter (see Section VIII above) is stored on the servers of the Rocket Science Group in the USA. Rocket Science Group uses this information to send and evaluate the newsletter on our behalf. Furthermore, according to its own information, Rocket Science Group may use this Personal Data to optimize or improve its own services, e.g., to technically optimize the dispatch and display of the newsletters or to determine from which countries the recipients come. However, Rocket Science Group does not use your Personal Data to contact you directly and does not pass it on to third parties.
We are a Swiss based company but our affiliates, partners and other third-party providers may be situated in different jurisdictions. Therefore, and within the scope of the purposes and uses described above, we may be required to transfer your Personal Data to third countries outside of Switzerland and outside of the European Union or the European Economic Area and to countries that may not provide an equivalent level of data protection. We transfer Personal Data in line with art. 6 FADP and art. 44 et seq. GDPR. In case that Personal Data will be transferred to a country that does not provide equivalent level of data protection, the Personal Data will be transferred either on:
We have appropriate technological and organizational measures and operational, electronic and physical security processes designed and implemented to protect your Personal Data by taking into account the state of the art, the cost of implementation and the nature, scope, context and purposes of processing as well as the risks of varying likelihood and severity for rights and freedoms of natural persons posed by the processing.
Please be aware that we cannot ensure the security of your Personal Data or information you transmit to us over the Internet.
If Personal Data concerning you are processed, you are a Data Subject within the meaning of the GDPR and you have the following rights:
1. Right of Access
You can ask us, as the Data Controller to confirm whether Personal Data concerning you is being processed by us.
Is that the case, you can request the following information from us:
You have the right to request information as to whether the Personal Data concerning you is transferred to a third country or to an international organization. In this context, you may request to be informed of the appropriate safeguards pursuant to art. 46 GDPR relating to the transfer.
Your right of access may be restricted to the extent that it is likely to render the performance of research or statistical purposes impossible or seriously compromises it and the restriction is necessary for the performance of research or statistical purposes.
2. Right to Rectification
You have the right to obtain from the Data Controller the rectification and/or completion of incorrect or incomplete Personal Data concerning you. The Data Controller shall make the correction/completion without delay.
Your right to rectification may be restricted to the extent that it is likely to render the performance of research or statistical purposes impossible or seriously compromises it and the restriction is necessary for the performance of research or statistical purposes.
3. Right to Restriction of Processing
Under the following conditions, you have the right to request the restriction of processing of Personal Data concerning you:
Where processing of Personal Data concerning you has been restricted, such Personal Data may only be processed – with the exception of storage – with your consent or for the establishment, exercise or defence of legal claims or for the protection of the rights of another natural or legal person or for reasons of an important public interest of the European Union or a Member State.
If the processing restriction has been restricted according to the above conditions, you will be informed by the Data Controller before the restriction is lifted.
Your right to restriction of processing may be restricted to the extent that it is likely to render the performance of research or statistical purposes impossible or seriously compromises it and the restriction is necessary for the performance of research or statistical purposes.
4. Right to Erasure
4.1 Obligation to Erase
You have the right to obtain from the Data Controller the erasure of Personal Data concerning you and the Data Controller is obliged to erase Personal Data without undue delay where one of the following grounds applies:
4.2 Information to Third Parties
Where the Data Controller has made the Personal Data public and is obliged pursuant to art. 17 (1) GDPR to erase the Personal Data, the Data Controller, taking account of available technology and the cost of implementation, shall take reasonable steps, including technical measures, to inform Data Controllers which are processing the Personal Data that you as the Data Subject have requested the erasure by such Data Controllers of any links to, or copy or replication of, the Personal Data.
The right to erasure shall not apply to the extent that processing is necessary:
5. Right to Information
If you have exercised your right of rectification, erasure or restriction of processing against the Data Controller, the Data Controller is obliged to notify all recipients to whom the Personal Data have been disclosed, unless this proves impossible or involves disproportionate effort.
You have the right to obtain from the Data Controller the information about those recipients.
6. Right to Data Portability
You have the right to receive the Personal Data concerning you which you have provided to the Data Controller in a structured, commonly used and machine-readable format. In addition, you have the right to transmit the data to another Data Controller without hindrance from the Data Controller to which the Personal Data have been provided, where:
In exercising this right, you also have the right to have the Personal Data transmitted directly from one Data Controller to another, where technically feasible. The freedoms and rights of others shall not be affected by this.
The right to data portability shall not apply to processing necessary for the performance of a task carried out of a public interest or in the exercise of official authority vested in the Data Controller.
7. Right to Object
You have the right to object, on grounds relating to your particular situation, at any time to the processing of Personal Data concerning you which is based on art. 6 (1) (e) or (f) GDPR, including profiling based on those provisions.
The Data Controller no longer processes the Personal Data concerning you, unless he demonstrates compelling legitimate grounds for the processing which override your interests, rights and freedoms, or for the establishment, exercise or defence of legal claims.
Where Personal Data is processed for direct marketing purposes, you have the right to object at any time to processing of the Personal Data concerning you for such marketing, which includes profiling to the extent that it is related with such direct marketing.
Where you object to processing for direct marketing purposes, the Personal Data concerning you will no longer be processed for such purposes.
You have the possibility to exercise your right of object in the context with the use of information society services, and notwithstanding Directive 2002/58/EC, by automated means using technical specifications.
Where Personal Data is processed for scientific or historical research purposes or statistical purposes pursuant to art. 89 (1) GDPR, you have the right to object to processing of Personal Data concerning you, on grounds relating to your particular situation, unless the processing is necessary for the performance of a task carried out for reasons of public interest.
Your right to object may be restricted to the extent that it is likely to render the performance of research or statistical purposes impossible or seriously compromises it and the restriction is necessary for the performance of research or statistical purposes.
8. Right to withdraw the consent to process Personal Data
You have the right to withdraw your consent at any time. The withdrawal of consent shall not affect the lawfulness of processing based on consent before its withdrawal.
9. Automated Individual Decision-Making, including Profiling
You have the right not to be subject to a decision based solely on automated processing – including profiling – which produces legal effects concerning you or similarly significantly affects you. This does not apply if the decision:
However, these decisions may not be based on special categories of Personal Data pursuant to art. 9 para. 1 GDPR, unless art. 9 para. 2 let. a or g GDPR applies and appropriate measures have been taken to protect your rights and freedoms and your legitimate interests.
In the cases referred to in points a) and c), the Data Controller implements suitable measures to safeguard your rights and freedoms as well as your legitimate interests, including at least the right to obtain human intervention on the part of the Data Controller, to express your point of view and to contest the decision.
10. Right to lodge a Complaint with a Supervisory Authority
Without prejudice to any other administrative or judicial remedy, you have the right to lodge a complaint with a supervisory authority, in particular in the Member of your habitual residence, place of work or place of the alleged infringement, if you consider that the processing of Personal Data concerning you infringes the GDPR.
The supervisory authority with which the complaint has been lodged shall inform the complainant of the progress and the outcome of the complaint, including the possibility of a judicial remedy pursuant to art. 78 GDPR.
In Switzerland, the Federal Data Protection and Information Commissioner is the competent data protection authority. The contact details are available here: www.edoeb.admin.ch.
If you are residing in the European Union, you also have the right to complain to your local data protection supervisory authority. You can find the contact details of the respective authorities of the Member States of the European Union here: http://ec.europa.eu/justice/data-protection/bodies/authorities/index_en.html.
If you access other third-party websites using the links provided, the operators of these third-party websites may collect information from you that will be used by them in accordance with their privacy policies. We do not control those third-party websites or any of the content, products or services contained therein or provided by them. If you submit Personal Data or information to any of those third-party sites, use their content, services or products, your Personal Data or information is governed by their privacy policies and practices.
We are in no way liable or responsible for any of those third-party websites, including, without limitation, their content, services, policies, failures, promotions, products, or actions and/or any damages, losses, failures, misuse, leakage, or problems caused by, related to, arising from or are in connection with those third-party websites. Nonetheless, we encourage you to review and read all policies, privacy policies, agreements, rules, terms, disclaimers, and regulations of each third-party website that you visit and/or content, services, products you use.