Clave

CLAVE PRIVACY NOTICE

Last updated: September 27, 2024

Clave Technologies Ltd (“Clave”, “we”, “us” or “our”) is committed to respecting and protecting

the privacy of individuals who access and sign up for our services (“Users”, “you” or “your”).

This privacy notice (“Privacy Notice”) explains how and why we collect, store, use, and share

your personal information when you access or sign up for our services (“Services”) through our

mobile app (“App”) or when you access our website at https://www.getclave.io (“Site”).

It is important that you understand how we use your information. You should read this page in

full, but below are the key highlights and some helpful links:

● Clave operates as a non-custodial platform, designed to enhance the user experience

by providing a secure smart wallet through the App, enabling you to manage your

digital assets smoothly and seamlessly.

● Clave delivers the Services primarily through the App, while the Site is dedicated to

providing information and facilitating communication. The personal data we process on

the Site is limited to purposes outlined below. Learn more.

● Clave collects and uses personal information to provide our Services, enhance your

experience, protect the security and integrity of the Website and App, and comply with

legal obligations. Learn more.

● If you do not agree with the collection, use, or disclosure of your personal information

as described in this Privacy Notice, or if you are under 17 years of age, please do not

access or use any of our App, Website, or Services.

● If you have any questions about our processing of your personal data, contact us at

privacy@clave.com.

1. Important information and who we are

Clave is the controller and is responsible for your personal data. We process personal data in

compliance with applicable data protection laws, including, where relevant, the General Data

Protection Regulation (EU GDPR) and the retained EU law version of the General Data

Protection Regulation ((EU) 2016/679) as defined in the Data Protection Act 2018 (UK GDPR).

2. The types of personal data we collect about you

The personal information we collect about you depends on the particular activities carry out

through our Site and App.

2.1. Information you provide to us

You can sign up for Clave Services without sharing your personal data by using passwordless

authentication methods. All credentials are securely stored on your device and are never shared

with or processed by us. We respect your choice to maintain anonymity while using our

Services.

However, if you wish to access additional features, use specific Services, personalise your

account, provide feedback, or contact us, you may be asked to provide personal information.

Information Category

Description

Basic Customer Data

Name, surname, and email address

Account Information

Username, Guardian’s username, profile

picture

Supplemental Identification Information

(This data will only be collected if you wish to

use specific Services offered in collaboration

with our business Partner*, enabling you to

purchase cryptocurrency or other digital

assets via bank transfer or other payment

methods**.)

Government-issued identity document (e.g.,

national identity card, passport or driving

license), date of birth, nationality, residential

address, photographs and/or videos

Customer Data

Information about the transactions made on our

Services, type of transaction, wallet address,

deposit/withdrawal history, payment links,

amount, assets, other transaction metadata

Wallet Information

User’s public wallet address provided while

connecting the wallet to the Clave App

Additional information you submit to us

Feedback and responses provided to our

customer support team.

*We work with selected partners (“Partners”) to enhance your experience. If you use their

additional services, they may process your personal data as data controllers. For more

information on how your personal data is handled by these Partners, please refer to the privacy

policy or notice of the Partner whose services you wish to use.

** These services may also require you to complete KYC (Know Your Customer) procedures,

which involve verifying your identity to comply with legal and regulatory requirements. The KYC

procedures will be conducted by Clave before granting access to the relevant business Partner

and will be shared with the related business partner. Learn more.

2.2. Information collected automatically

As you interact with our Website and App, we may automatically collect device and usage data

about your equipment, browsing actions, and patterns. We also collect your personal data

through cookies and other similar technologies.

Information Category

Description

Device Data

Internet protocol (IP) address, your login

data, browser type and version, time zone

setting and location, browser plug-in types

and versions, device ID, advertising ID, push

token***, other technology on the devices you

use to access the Website and App

Usage Data

Information about activity on the digital

content viewed, features accessed, such as

visited pages, searches, or links clicked

Information from cookies and similar

technologies

Some device and service information are

collected through the use of cookies and

similar technologies.

*** We use your device’s push notification system (iOS or Android) to send wallet updates

regarding your wallet activity, such as transaction confirmations, security alerts, and feature

updates. Push tokens do not contain personal data and are solely used to direct notifications to

your device. To avoid push token processing, you can disable notifications in your device

settings.

2.3. Information we obtain from third parties

We will receive personal data about you from various third parties as set out below:

Information Category

Description

Blockchain Data

Publicly available blockchain data, including

transaction history, wallet balance, assets

held, and associated metadata, helps us

accurately reflect the activity in your wallet

and ensure the security of your operations

within the blockchain network

Transaction Data

Data on transactions processed through

third-party platforms, such as exchanges or

external wallet providers, including the date,

time, and amount of the transaction

3. How we use your personal data and our legal basis

We use your personal information to develop, operate, and deliver our Services, to provide you

with a secure and efficient experience, and for our legal obligations and anti-fraud purposes.

The law requires us to have a legal basis for collecting and using your personal data.

We have outlined below, in a table format, a detailed description of the various ways we intend

to use your personal data and the corresponding legal bases we rely on for each use.

3.1. Personal Data Collected During Your Use of Our Site

Our Purpose/Use

Type of Personal Data

Legal Basis

To provide and maintain our

Services

Device, Usage and

Information from cookies and

similar technologies.

Legitimate Interest

To administer and protect our

business and our Site

Device and Usage Data

Legitimate Interest

To manage our relationship

with you which will include

providing customer support

Contact Information

Legitimate Interest

3.2. Personal Data Collected During Your Use of Our App

Our Purpose/Use

Type of Personal Data

Legal Basis

To manage your account

Basic Customer Data, Login

and Wallet Information

Necessary to perform our

contract with you

To provide you with our

Services

Basic Customer Data,

Customer, Wallet,

Blockchain, Transaction,

Additional information you

submit to us

Necessary to perform our

contract with you

To facilitate additional

Services offered through our

business Partners and to

enhance the user experience

(optional)

Basic Customer Data,

Supplemental Identification

Information

Necessary to perform our

contract with you

To send / receive digital

assets

Blockchain, Wallet, and

Customer Transaction

Information

Necessary to perform our

contract with you

To sign transactions via

decentralized applications

Blockchain, Wallet, and

Customer Transaction

Information

Necessary to perform our

contract with you

To determine your legal

eligibility for certain services

Basic Customer Data and

Supplemental Identification

Information

Legitimate Interest

To promote safety, security

and integrity

Basic Customer Data,

Customer Transaction,

Wallet, Device and Usage

Information

Legitimate Interest

To provide functionality,

analyse performance, fix

errors, and improve usability

and effectiveness of the

Clave Services

Technical and Usage Data

Legitimate Interest

To customize your

experience with our Services

and otherwise improve our

Services

Account and Usage Data

Legitimate Interest

To manage our relationship

with you which will include; (i)

notifying you about changes

to our Terms or Privacy

Notice and (ii) providing

costumer support.

Basic Customer, Customer

Transaction, Wallet, and

Additional Information you

submit to us.

Legitimate Interest

Product and Services

updates via App notifications

Basic Customer Data and

Device Information

Consent

4. How and why we share your personal information

We may share your personal data where necessary with the parties set out below for the

purposes for which we will use your personal data above.

● We may share your personal information with third parties that we use in connection

with the operation of our business:

(i) third-party service providers that we engage to provide IT systems, software,

cloud computing services, data storage, data analytics, and log storage services;

and

(ii) third-party service providers such as auditors, professional advisors.

● If you wish to use specific services provided by our business Partners, we may share

your personal data with them.

● We may share your personal data with any third party to whom we sell, transfer, or

merge parts of our business or assets. Alternatively, we may seek to acquire or merge

with other businesses.

● We may disclose your personal data to courts, law enforcement agencies, regulatory

bodies, and government officials when required by law or reasonably necessary for the

establishment, exercise or defence of a legal or equitable claim.

When we share information with third-party service providers in this capacity, we require them

to use your information on our behalf in accordance with our instructions, and terms and only

process as necessary for the purpose of the contract.

5. How we transfer information internationally

We want to ensure that your personal data is stored and transferred securely. In some cases,

your personal data may be transferred to countries outside the UK or the European Economic

Area (EEA). When this occurs, we ensure that appropriate safeguards are in place to protect

your data. These safeguards include Standard Contractual Clauses (SCCs) approved by the

European Commission, which ensure that your personal data receives the same level of

protection it would within the EEA or the UK.

Our primary external third-party service provider for data storage and processing is Amazon

Web Services (AWS). As a global company, AWS may transfer and store your personal data

outside the UK as part of its cloud infrastructure services. We have implemented appropriate

safeguards and contractual measures to ensure the security and protection of your personal

data during international transfers in accordance with applicable data protection laws.

6. Cookies and other tracking technologies

A cookie is a small text file placed onto your device (such as a computer, smartphone, or other

electronic device) when you use our Site. For more information about the cookies we use and

how to change your cookie preferences, please see Cookie Notice.

7. Third-party links

We do not have control over third-party websites or platforms, and they are not governed by this

Privacy Notice. If you visit third-party sites through the links we provide, the operators of those

sites may collect information from you according to their own privacy policies. Before providing

any personal data to those websites, please review their privacy policies. We do not accept any

responsibility or liability for these policies or for any personal data that may be collected through

these websites or services.

8. Data Security

We have put in place appropriate technical and organizational security measures designed to

protect your personal data against accidental, unlawful or unauthorized destruction, loss,

alteration, access, disclosure or use. We protect your personal data from potential security

breaches by implementing specific technological security measures, including encryption,

ﬁrewalls, and secure layer technology.

In addition, we limit access to your personal data to employees, agents, contractors, and other

third parties who have a legitimate business need to know. They will only process your personal

data on our instructions, and they are subject to a duty of confidentiality.

9. Data Retention

We will not retain your personal information longer than necessary to fulfil the purposes for

which the data was collected or to fulfil our legal obligations or necessary for the establishment,

exercise of defence of legal claims or resolving disputes. We may retain your personal data for

a longer period in the event of a complaint or if we reasonably believe there is a prospect of

litigation in respect to our relationship with you.

To determine the appropriate retention period for personal data, we consider the amount, nature

and sensitivity of the personal data, the potential risk of harm from unauthorised use or

disclosure of your personal data, the purposes for which we process your personal data and

whether we can achieve those purposes through other means, and the applicable legal,

regulatory, accounting or other requirements.

In some circumstances you can ask us to delete your data: see paragraph 11 below for further

information.

10. Information collected from minors

Our Services are intended for general audiences and are not designed to attract children under

the age of 17 (“Minimum Age”). We do not collect personal information from children under

Minimum Age without parental consent. If you believe that a minor under the age of Minimum

Age is using our Services, please contact our support team.

11. Your privacy rights

To the extent permitted by applicable data protection laws and regulations, you have the

following rights in relation to your personal data:

●Request access to your personal data. This enables you to receive a copy of the

personal data we hold about you and to check that we are lawfully processing it.

●Request correction of the personal data that we hold about you. This enables you to

have any incomplete or inaccurate data we hold about you corrected, though we may

need to verify the accuracy of the new data you provide to us.

●Request erasure of your personal data in certain circumstances. This enables you to

ask us to delete or remove personal data where there is no good reason for us

continuing to process it. You also have the right to ask us to delete or remove your

personal data where you have successfully exercised your right to object to processing,

where we may have processed your information unlawfully or where we are required to

erase your personal data to comply with local law. Note, however, that we may not

always be able to comply with your request of erasure for specific legal reasons which

will be notified to you, if applicable, at the time of your request.

●Object to processing of your personal data where we are relying on a legitimate

interest (or those of a third party) as the legal basis for that particular use of your data

(including carrying out profiling based on our legitimate interests).

●Request the transfer of your personal data to you or to a third party. We will provide to

you, or a third party you have chosen, your personal data in a structured, commonly

used, machine-readable format.

●Withdraw consent at any time where we are relying on consent to process your

personal data. However, this will not affect the lawfulness of any processing carried out

before you withdraw your consent. If you withdraw your consent, we may not be able to

provide certain products or services to you.

●Request restriction of processing of your personal data. This enables you to ask us

to suspend the processing of your personal data in one of the following scenarios:

(i) If you want us to establish the data's accuracy;

(ii) Where you believe our use of the data is unlawful but you do not want us to erase

it;

(iii) Where you need us to hold the data even if we no longer require it as you need it

to establish, exercise or defend legal claims; or

(iv) You have objected to our use of your data but we need to verify whether we have

overriding legitimate grounds to use it.

If you wish to exercise any of the rights set out above, please contact us – see below ‘How to

You will not have to pay a fee to access your personal data (or to exercise any of the other

rights). However, we may charge a reasonable fee if your request is clearly unfounded,

repetitive or excessive. Alternatively, we could refuse to comply with your request in these

circumstances.

What we may need from you

We may need to request specific information from you to help us confirm your identity and

ensure your right to access your personal data (or to exercise any of your other rights). This is a

security measure to ensure that personal data is not disclosed to any person who has no right to

receive it. We may also contact you to ask you for further information in relation to your request

to speed up our response.

12. Complaints

We hope we will be able to resolve any issues you may have. If you have a concern about how

we use your personal data, we would like to work with you to resolve it.

You have the right to make a complaint at any time to your local data protection authority, such

as the Information Commissioner’s Office (ICO), the UK regulator for data protection issues

(www.ico.org.uk). For a list of EEA data protection supervisory authorities and their contact

details, see here. We would, however, appreciate the chance to deal with your concerns before

you approach the relevant data protection authority so please contact us in the first instance.

13. Changes to the Privacy Notice and your duty to inform us changes

We may update this Privacy Notice from time to time. The updated version will be indicated by

an updated 'Revised' date and the updated version will be effective as soon as it is accessible. If

we make material changes to this Privacy Notice, we may notify you either by prominently

posting a notice of such changes or by directly sending you a notification. We encourage you to

review this Privacy Notice frequently to be informed of how we are protecting your information.

It is important that the personal data we hold about you is accurate and current. Please keep us

informed of any changes to your personal data during your relationship with us, such as a new

address or email.

14. How to contact us

Questions, comments and requests regarding this Notice are welcomed and should be

addressed to Clave, Privacy Team, privacy@clave.team or send a letter to 5 Beaufort Court,

Admirals Way, London, United Kingdom, E14 9X.

Clave’s GDPR Representative acts as the EU Representative for our users and visitors residing

in the EEA. If you wish to contact your representative, you may email them at

privacy@clave.team.