Last Updated: May 12, 2023
The WePad website available at https://wepad.io, including any of its subdomains (the “Website”), and any functionality and services provided via the Website (hereinafter collectively, the “Platform”) are provided by WePad Ltd, a company established under the laws of Seychelles (“we”, “us”, “our”). With respect to personal data collected on the Platform, we act as a data controller, meaning that we determine the purposes and means of processing your personal data.
This Privacy Notice sets out the types of personal data that we hold on you, how we collect and process such data, how long we keep it, and other relevant information about your personal data being processed in connection with your access to and use of the Platform. Personal data or personal information means any information directly or indirectly identifies you as an individual. In this Privacy Notice we use “personal data” and “personal information” as synonyms.
We process personal data in accordance with this Privacy Notice and we endeavour to comply with the applicable data protection legislation. If you have any questions regarding processing of your personal data, do not hesitate to contact us via the contact details provided below.
-
Contact details:
Name: WePad Ltd
Address: House of Francis, Room 303, Ile Du Port, Mahe, Seychelles
Email: support@wepad.io
-
What information we collect
The categories of personal data we collect depend on how you interact with us, use the Platform, and the requirements of applicable legislation. We collect and process the following types of personal data:
- Transaction Data
In order to enable you to use certain functionality of the Platform, for example, to stake the WWY tokens or make blockchain transactions on or through the Platform, we must receive your public address on the respective blockchain (the “Address”) associated with the cryptographic wallet that you connect to the Platform (the “Wallet”) and information about the blockchain transactions associated with the Address (the “Transactions”). The Address constitutes a random set of symbols assigned by the respective blockchain network, for instance, starting with “0x”. References to the “Address” and “Transaction” in this Privacy Notice apply to the Addresses and Transactions on all applicable blockchain networks and references to “Wallet” apply to any cryptographic wallet, which is essentially a pair of public and private cryptographic keys that can be used to receive, manage and dispose of cryptographic tokens, regardless of such wallet’s underlying blockchain.
We collect and process your Address when you connect your Wallet to the Platform. When you carry out Transactions via the Platform, we collect and process certain information about such Transactions, such as: (i) Transaction amount; (ii) Addresses or account details of sender and recipient; (iii) Transaction time and date; (iv) Transaction status; (v) Transaction history, etc.
While processing the Address and Transactions we cannot identify you as an individual (because it is not possible to identify you having only a random set of symbols). Therefore, generally, this data is not personal. However, under the applicable data protection legislation, if such data is combined with certain other data (such as a name, email address, nickname, photo, or phone number) it may become possible to identify you as an individual and thus, such a set of data may be deemed personal information. Accordingly, if you provide us with the Verification Data, as described below, we will be able to identify you as an owner of the respective Wallet.
- Verification Data
In order for you to participate in an IDO or purchase IDO tokens through the Platform, in each case as defined in the WePad Terms of Service, and in order for us to enable your participation in an IDO, we collect the personal data to verify your identity and place of your residence. Such information includes:
- your first name, last name, and middle name, if any;
- address information, including country of residence, city, ZIP code, name of the street, number of house and/or apartment;
- ID document (such as passport, driver licence, permit of residence, or ID card) and associated information;
- your current selfie photo;
- phone number;
- electronic mail (email) address; and
- Wallet Address.
- Analytical Data
When you access and use the Platform, certain data may be collected automatically via the Google Analytics solution.
The information gathered by Google Analytics includes the following: (1) IP address, (2) the type of device used, (3) the device operating system, (4) the browser used. After collecting the personal data, Google Analytics creates reports about the use of the Platform, which contain the aggregated information where we do not see any data pertaining to a particular person. In other words, we cannot identify you from the other visitors of the Platform. Please note that according to Google Analytics documentation, the IP address is anonymised (masked), so neither we nor Google can identify the IP address of a particular visitor.
In addition to the above, with Google Analytics we collect certain information regarding the use of the Platform, for instance, when you clicked a certain button or made some input. This information is also aggregated and we cannot identify your actions from the actions of other Platform visitors.
- Application Data
When you apply for conducting an initial decentralised offering (IDO) on the Platform, we collect your name, email address, Telegram (messenger) contact, project name and its description.
- Contact Data
We may also collect certain data if you reach us via (a) the contact details indicated in this Privacy Notice or on the Platform, or (b) request or communication system that may be available on the Platform from time to time. In this case, we may collect and process certain information related to your request, such as email address, name, Telegram (messenger) contact, or any other data requested by us or data that you choose to provide us with.
- Subscription Data
You may subscribe to receiving marketing and newsletter emails from us, for which purpose, you will need to provide us with your email address.
- Referral Data
When you participate in our referral or bonus program, we generate a referral link and automatically assign to you a referral ID, which essentially is a unique identification number, used for internal purposes to identify you as a user, who shares a referral link and invites others to use the Platform.
Invited users are also assigned with a unique internal identification number to identify referred users.
-
How we use and share the information
- General:
We do not sell or rent out your data. However, we may share your personal data in accordance with this Privacy Notice, applicable legislation, or with your consent, in each case for the purposes of and if it is reasonably necessary:
- to provide you with access to the Platform and performance of our undertakings with you;
- for compliance with the applicable laws and regulations; or
- for our legitimate interest to maintain, improve and develop the Platform..
Please note that if we share any portion of your personal data with third persons, we will endeavour to secure such transfer using appropriate legal, organisational, and technical measures.
Given the purposes outlined above, your personal information is shared with the following categories of recipients:
- our affiliates, meaning a person controlling, controlled by, or under the same control with us;
- analytical solution providers;
- marketing teams;
- support teams;
- customer service software;
- technical teams;
- verification service providers;
- hosting service providers;
- email delivery service providers;
- government authorities, upon their request or if necessary to comply with our legal obligations;
- another entity if we sell or otherwise transfer the Platforms or its part; and
- other third-party solutions, which may be from time to time integrated into the Platform.
- Transaction Data:
We use the Transaction Data to ensure the operation of the Platform and to enable you to use certain functionality thereof, including carrying out and completion of the Transactions. The legal basis for the processing is (i) the necessity for the performance of a contract between you and us; (ii) our legitimate interests as well as the interests of other Platform users to prevent and detect fraud and abuse in order to protect the security of our users; (iii) our legitimate interests to prevent money laundering and financing of terrorism, or other illegal activities in relation to the Platform, including those that are prohibited under the WePad Terms of Service.
Please also consider the features of the blockchain data processing described below in section “Your information and blockchain”.
- Verification Data:
We collect and process your Verification Data in order to (i) identify you as an individual and verify your identity; and (ii) enable you to use certain functionality of the Platform. We collect this information based on our legitimate interest to prevent money laundering, financing of terrorism, or other illegal activities in relation to the Platform, and to comply with the applicable sanctions, administered or enforced by any country, government or international authority, including the EU, OFAC, United Nations Security Council, but not limited to the above.
- Analytical Data:
The Analytical Data helps us to provide a better user experience by improving the Platform user flow and interface.
We use Google Analytics to analyse the use of the Platform. Google Analytics gathers information about the use of the Platform by means of cookies. Cookies are a feature of the web browser software that allows web servers to recognise the device used to access the Platform. A cookie is a small text file that the Platform saves on your computer or mobile device when you visit the Platform. They allow the Platform to remember your actions and preferences over a period of time to improve our products and services.
Google Analytics is operated by Google Ireland Limited having its address at Gordon House, Barrow Street, Dublin 4, Ireland, and its affiliates, including Google LLC having its address at 1600, Amphitheatre Parkway, Mountain View, CA, 94043, USA (collectively, “Google”).
To our knowledge, the data collected via Google Analytics is not anonymised (with the exception of the IP address) and will be transmitted to, processed and stored by Google in the United States. You can learn more about how Google processes personal data in Google’s privacy policy. Note that competent US state authorities may have access to the personal data collected via Google Analytics.
With respect to the personal data collected via Google Analytics, Google acts as our data processor. However, Google may use this personal data for any of its own purposes, such as profiling and cross-platform tracking. In this case, Google acts as an independent data controller. You can learn more about Google Analytics, its purposes and functions here.
To use Google Analytics, we will ask for your consent. When you visit the Platform, you are able to opt out from using Google Analytics. You also may object to the collection of personal data by Google Analytics through the Platform by downloading and installing a browser add-on from Google.
- Application Data:
We use the Application Data to review your application for conducting an initial decentralised offering (IDO) on the Platform, including to assess your project and other related data according to our internal procedures and policies. From the legal standpoint, we process the Application Data due to our legitimate interest to ensure the conduction of an IDO on the Platform by a project you represent. If we commence negotiations regarding the conduction of an IDO on the Platform, processing of your personal data may be additionally governed by another privacy/data protection document provided by us.
- Contact Data:
The purpose for processing your personal data when you contact us is to respond to your inquiry, including your application for conducting an IDO on the Platform, and the legal basis is (i) our legitimate interest to do the same; (ii) the necessity for the performance of a contract with you; or (iii) taking steps at your request prior to entering into a contract, depending on the subject of your inquiry.
- Subscription Data:
We collect the Subscription Data in order to provide you with our marketing and newsletter emails concerning the Platform, current and upcoming projects, as well as general updates. The legal basis for the processing is your consent.
You may revoke your consent and unsubscribe from receiving marketing and newsletter emails from us at any time by contacting us or clicking the unsubscribe button available at the bottom of each marketing and newsletter email. In such a case, we will delete your email address from the respective marketing database.
Please note that administrative or service-related communications (security alerts, email verifications, maintenance notifications, etc.) are not considered marketing and such communications may not offer an option to unsubscribe.
- Referral Data:
We collect the Referral Data to enable you (i) to participate in our referral or bonus program; (ii) to count you as a user, who shares a referral link and invites others to use the Platform; (iii) to accrue the relevant referral remuneration to you, if any; and (iv) to count the invited user. The legal basis for the processing is (i) the performance of a contract with you; and (ii) with respect to the data of the invited user 一 our legitimate interest to ensure the participation in our referral or bonus program by the respective user, who invited you to use the Platform.
-
How long we process your data
- General:
As a general rule, we keep the data as long as it is necessary for the purposes it was collected. We may process certain personal data longer than outlined below, if it is necessary:
- to meet our legal obligations under the applicable law;
- in relation to anticipated or pending legal proceedings; or
- to protect our rights and legitimate interest, or those of third parties.
- Transaction Data:
We process your Transaction Data for seven (7) years from the termination of relationship between you and us, for example, if you terminate your use of the Platform. We set this retention period due to the retention period for Transaction Data established under our policies and procedures and the law of our jurisdiction. Please note that due to the nature of the blockchain, the Transaction Data may be accessed by us or any third party at any time and may be stored permanently on the blockchain network that we neither control nor operate. Please also consider the features of the blockchain data processing described below in Section V of this Privacy Notice.
- Verification Data:
We process the Verification Data as long as you have a relationship with us (for example, you use the Platform) and for seven (7) years from the termination thereof due to the retention period for Verification Data established under our policies and procedures and the law of our jurisdiction.
- Analytical Data:
We process the Analytical Data for up to two (2) years. Particular cookie expiration periods can be found here.
- Application Data:
We process the Application Data as long as specified below due to the retention period for Application and Verification Data established under our policies and procedures and the law of our jurisdiction:
- if we approve your application and enter into a contractual relationship with the project you represent — during the term of our engagement and for seven (7) years after its termination;
- if we reject your application and don’t enter into a contractual relationship with the project you represent — for seven (7) years after the last contact.
- Contact Data:
We store the Contact Data for one (1) year from the last date when you contacted us regarding the same matter. We set this retention period to be in line with the statutes of limitations established in our Terms of Service. In case of anticipated or pending legal actions, we may process the Contact Data longer.
Please note that we store the Contact Data provided with your application for conducting an IDO on the Platform (i) during the term of our engagement and for seven (7) years after its termination, if we enter into a contract with the project you represent; or, if we don’t enter into a contract with the project you represent, (ii) for seven (7) years from the last date of the data submission regarding this matter. We set this term due to the retention period for Application Data established under our policies and procedures and the law of our jurisdiction.
- Subscription Data:
We process your Subscription Data as long as you remain a subscriber, i.e. until you opt out from receiving our marketing and newsletter emails.
- Referral Data:
We process the Referral Data until the inviting and invited users use the Platform and thereafter. While processing referral ID only, we cannot identify you as an individual (because it is not possible to identify you having only a random set of symbols). Therefore, generally, this data, without any other data, such as a name, email address, nickname, photo, etc., is not personal.
-
Your information and blockchain
Please note that the Platform interacts with the decentralised blockchain infrastructure and blockchain-based software (smart-contracts), and that the Transaction Data is normally recorded in the respective blockchain (distributed ledger) or otherwise used within the blockchain that operates in an autonomous manner. When we say that a blockchain is decentralised, we mean that there is no single person, including us, who controls the blockchain or stores data available thereon. The data is distributed via the nodes (blockchain network participants) which simultaneously store all records entered into the blockchain.
By design, public blockchain networks are immutable due to their nature, and are out of our control. This means that due to the structure of the blockchain your ability to exercise certain data protection rights or abilities may be limited. It also means that the information that was entered in a blockchain will be publicly available and we will neither control such information nor manage access to it. Once you start carrying out any Transactions, certain data will become publicly available to any person who has access to the respective blockchain. Please be aware that any Transaction within a blockchain is irreversible and information entered into a blockchain cannot be deleted or changed. The ultimate decision whether to transact on a blockchain or carry out any Transactions rests with you.
-
Automated decision-making
It is mandatory for you to provide the Verification Data in order to be eligible and authorised to access and use certain functionality of the Platform, for example, to participate in an IDO. When you provide us with your Verification Data, the respective verification systems will normally process it automatically and decide whether you meet specific eligibility requirements established by us with respect thereto. If you meet such eligibility requirements, the Address of your designated Wallet will be added to the so-called “whitelist” which is essentially a list of wallet addresses of eligible users which, for technical reasons, may be further incorporated into a smart-contract implemented on the applicable blockchain. If you are found to be ineligible, the Address of your designated Wallet will not be included in the “whitelist” and the respective functionality of the Platform will not be available to you.
In addition, we may also automatically block users based on their geographical location. This is necessary to restrict access to the Platform of the users from prohibited jurisdictions (meaning the jurisdictions in which the use of the Platform or its functionality is prohibited by applicable laws or regulations, the WePad Terms of Service, or our rules and policies).
If you do not agree with the outcomes of automatic decisions, you may: (a) request us to manually review the respective information and provide you with the outcomes of the review and/or (b) express your point of view and provide additional information or documents in order to contest the decision.
-
Third-party links
The Platform may include links and social media plugins to third-party websites and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites and applications, and are not responsible for their privacy statements. When you leave the Platform, we encourage you to read the privacy policy/notice/statement of every website or application you visit.
-
Your rights
According to the applicable data protection legislation, you may have the following rights:
- request access to your personal data (commonly known as a “data subject access request”). This enables you to ask us whether we process your personal data and, if we do process your data, you may request certain information about the processing activity and/or a copy of the personal data we hold about you and to check that we are lawfully processing it;
- request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us;
- request erasure of your personal data (commonly known as the “right to be forgotten”). This enables you to ask us to delete or remove personal data where there is no good reason for us to continue processing it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing (see below), where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal or technical reasons which will be notified to you, if applicable, at the time of your request;
- object to processing of your personal data where we are relying on a legitimate interest and there is something about your particular situation which makes you want to object to processing on this ground as you feel it impacts your fundamental rights and freedoms. You also have the right to object where we are processing your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds to process your information which override your rights and freedoms;
- request restriction of processing of your personal data. This enables you to ask us to suspend the processing of your personal data in the following scenarios: (1) if you want us to establish the data’s accuracy, (2) where our use of the data is unlawful but you do not want us to erase it, (3) where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims, (4) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it;
- request the transfer of your personal data to you or to a third party (commonly known as the “right to the data portability”). We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Note that this right only applies to automated information which you initially provided consent for us to use or where we used the information to perform a contract with you;
- withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent;
- not to be subject to a decision based solely on automated processing of data, including profiling, which produces legal effects concerning you or similarly significantly affecting you; and
- file a complaint with a relevant supervisory authority in case we violate your rights or obligations imposed on us under the applicable data protection legislation. The relevant supervisory authority may depend on where you are located.
Please note that due to the nature of the processing operation, we may not be able to exercise certain rights that you may have pursuant to the applicable data protection legislation. When you interact with a blockchain network, we may not be able to ensure that your personal data is deleted, corrected, or restricted. This is because the blockchain is a public decentralised network and blockchain technology does not generally allow for data to be deleted or changed, and certain rights, such as your right to erasure, right to rectification, right to object, or restrict processing of your personal data, cannot be enforced. In these circumstances, we will only be able to exercise your rights with respect to the information that is stored on our servers and not on a blockchain. If you want to ensure your privacy rights are not affected in any way, you should not transact on public blockchains as certain rights may not be fully available or exercisable by you or us due to the technological infrastructure of the blockchain. You can learn more about blockchain above in Section V of this Privacy Notice.
In order to exercise your rights as a data subject, we may request certain information from you to verify your identity and confirm that you have the right to exercise such rights.
-
Children personal data
The Platform is not intended for the use of children (under 18 years old or older, if the country of your residence determines a higher age restriction). We do not knowingly market to, or solicit data from children. We do not knowingly process, collect, or use personal data of children.
If we become aware that a child has provided us with personal information, we will use commercially reasonable efforts to delete such information from our database within a reasonable timeframe. If you are the parent or legal guardian of a child and believe that we have collected personal information from your child, please contact us.
-
Changes to this Privacy Notice
We keep our Privacy Notice under regular review and may update it at any time. If we make any changes to this document, we will change the “Last Updated” date above. Please review this Privacy Notice regularly. If we make substantial changes to the way we treat your personal information, we will either (a) display a notice on the Platform or (b) notify you by email prior to the change becoming effective.