CLAVE PRIVACY NOTICE Last updated: September 27, 2024 Clave Technologies Ltd (“Clave”, “we”, “us” or “our”) is committed to respecting and protecting the privacy of individuals who access and sign up for our services (“Users”, “you” or “your”). This privacy notice (“Privacy Notice”) explains how and why we collect, store, use, and share your personal information when you access or sign up for our services (“Services”) through our mobile app (“App”) or when you access our website at https://www.getclave.io (“Site”). It is important that you understand how we use your information. You should read this page in full, but below are the key highlights and some helpful links: Clave operates as a non-custodial platform, designed to enhance the user experience by providing a secure smart wallet through the App, enabling you to manage your digital assets smoothly and seamlessly. Clave delivers the Services primarily through the App, while the Site is dedicated to providing information and facilitating communication. The personal data we process on the Site is limited to purposes outlined below. Learn more. Clave collects and uses personal information to provide our Services, enhance your experience, protect the security and integrity of the Website and App, and comply with legal obligations. Learn more. If you do not agree with the collection, use, or disclosure of your personal information as described in this Privacy Notice, or if you are under 17 years of age, please do not access or use any of our App, Website, or Services. If you have any questions about our processing of your personal data, contact us at privacy@clave.com. 1. Important information and who we are Clave is the controller and is responsible for your personal data. We process personal data in compliance with applicable data protection laws, including, where relevant, the General Data Protection Regulation (EU GDPR) and the retained EU law version of the General Data Protection Regulation ((EU) 2016/679) as defined in the Data Protection Act 2018 (UK GDPR). 2. The types of personal data we collect about you The personal information we collect about you depends on the particular activities carry out through our Site and App. 2.1. Information you provide to us You can sign up for Clave Services without sharing your personal data by using passwordless authentication methods. All credentials are securely stored on your device and are never shared with or processed by us. We respect your choice to maintain anonymity while using our Services. However, if you wish to access additional features, use specific Services, personalise your account, provide feedback, or contact us, you may be asked to provide personal information.
Information Category Description Basic Customer Data Name, surname, and email address Account Information Username, Guardian’s username, profile picture Supplemental Identification Information (This data will only be collected if you wish to use specific Services offered in collaboration with our business Partner*, enabling you to purchase cryptocurrency or other digital assets via bank transfer or other payment methods**.) Government-issued identity document (e.g., national identity card, passport or driving license), date of birth, nationality, residential address, photographs and/or videos Customer Data Information about the transactions made on our Services, type of transaction, wallet address, deposit/withdrawal history, payment links, amount, assets, other transaction metadata Wallet Information User’s public wallet address provided while connecting the wallet to the Clave App Additional information you submit to us Feedback and responses provided to our customer support team. * We work with selected partners (“Partners”) to enhance your experience. If you use their additional services, they may process your personal data as data controllers. For more information on how your personal data is handled by these Partners, please refer to the privacy policy or notice of the Partner whose services you wish to use. ** These services may also require you to complete KYC (Know Your Customer) procedures, which involve verifying your identity to comply with legal and regulatory requirements. The KYC procedures will be conducted by Clave before granting access to the relevant business Partner and will be shared with the related business partner. Learn more. 2.2. Information collected automatically As you interact with our Website and App, we may automatically collect device and usage data about your equipment, browsing actions, and patterns. We also collect your personal data through cookies and other similar technologies. Information Category Description
Device Data Internet protocol (IP) address, your login data, browser type and version, time zone setting and location, browser plug-in types and versions, device ID, advertising ID, push token***, other technology on the devices you use to access the Website and App Usage Data Information about activity on the digital content viewed, features accessed, such as visited pages, searches, or links clicked Information from cookies and similar technologies Some device and service information are collected through the use of cookies and similar technologies. *** We use your device’s push notification system (iOS or Android) to send wallet updates regarding your wallet activity, such as transaction confirmations, security alerts, and feature updates. Push tokens do not contain personal data and are solely used to direct notifications to your device. To avoid push token processing, you can disable notifications in your device settings. 2.3. Information we obtain from third parties We will receive personal data about you from various third parties as set out below: Information Category Description Blockchain Data Publicly available blockchain data, including transaction history, wallet balance, assets held, and associated metadata, helps us accurately reflect the activity in your wallet and ensure the security of your operations within the blockchain network Transaction Data Data on transactions processed through third-party platforms, such as exchanges or external wallet providers, including the date, time, and amount of the transaction 3. How we use your personal data and our legal basis We use your personal information to develop, operate, and deliver our Services, to provide you with a secure and efficient experience, and for our legal obligations and anti-fraud purposes. The law requires us to have a legal basis for collecting and using your personal data.
We have outlined below, in a table format, a detailed description of the various ways we intend to use your personal data and the corresponding legal bases we rely on for each use. 3.1. Personal Data Collected During Your Use of Our Site Our Purpose/Use Type of Personal Data Legal Basis To provide and maintain our Services Device, Usage and Information from cookies and similar technologies. Legitimate Interest To administer and protect our business and our Site Device and Usage Data Legitimate Interest To manage our relationship with you which will include providing customer support Contact Information Legitimate Interest 3.2. Personal Data Collected During Your Use of Our App Our Purpose/Use Type of Personal Data Legal Basis To manage your account Basic Customer Data, Login and Wallet Information Necessary to perform our contract with you To provide you with our Services Basic Customer Data, Customer, Wallet, Blockchain, Transaction, Additional information you submit to us Necessary to perform our contract with you To facilitate additional Services offered through our business Partners and to enhance the user experience (optional) Basic Customer Data, Supplemental Identification Information Necessary to perform our contract with you To send / receive digital assets Blockchain, Wallet, and Customer Transaction Information Necessary to perform our contract with you To sign transactions via decentralized applications Blockchain, Wallet, and Customer Transaction Information Necessary to perform our contract with you
To determine your legal eligibility for certain services Basic Customer Data and Supplemental Identification Information Legitimate Interest To promote safety, security and integrity Basic Customer Data, Customer Transaction, Wallet, Device and Usage Information Legitimate Interest To provide functionality, analyse performance, fix errors, and improve usability and effectiveness of the Clave Services Technical and Usage Data Legitimate Interest To customize your experience with our Services and otherwise improve our Services Account and Usage Data Legitimate Interest To manage our relationship with you which will include; (i) notifying you about changes to our Terms or Privacy Notice and (ii) providing costumer support. Basic Customer, Customer Transaction, Wallet, and Additional Information you submit to us. Legitimate Interest Product and Services updates via App notifications Basic Customer Data and Device Information Consent 4. How and why we share your personal information We may share your personal data where necessary with the parties set out below for the purposes for which we will use your personal data above. We may share your personal information with third parties that we use in connection with the operation of our business: (i) third-party service providers that we engage to provide IT systems, software, cloud computing services, data storage, data analytics, and log storage services; and (ii) third-party service providers such as auditors, professional advisors. If you wish to use specific services provided by our business Partners, we may share your personal data with them. We may share your personal data with any third party to whom we sell, transfer, or merge parts of our business or assets. Alternatively, we may seek to acquire or merge with other businesses.
We may disclose your personal data to courts, law enforcement agencies, regulatory bodies, and government officials when required by law or reasonably necessary for the establishment, exercise or defence of a legal or equitable claim. When we share information with third-party service providers in this capacity, we require them to use your information on our behalf in accordance with our instructions, and terms and only process as necessary for the purpose of the contract. 5. How we transfer information internationally We want to ensure that your personal data is stored and transferred securely. In some cases, your personal data may be transferred to countries outside the UK or the European Economic Area (EEA). When this occurs, we ensure that appropriate safeguards are in place to protect your data. These safeguards include Standard Contractual Clauses (SCCs) approved by the European Commission, which ensure that your personal data receives the same level of protection it would within the EEA or the UK. Our primary external third-party service provider for data storage and processing is Amazon Web Services (AWS). As a global company, AWS may transfer and store your personal data outside the UK as part of its cloud infrastructure services. We have implemented appropriate safeguards and contractual measures to ensure the security and protection of your personal data during international transfers in accordance with applicable data protection laws. 6. Cookies and other tracking technologies A cookie is a small text file placed onto your device (such as a computer, smartphone, or other electronic device) when you use our Site. For more information about the cookies we use and how to change your cookie preferences, please see Cookie Notice. 7. Third-party links We do not have control over third-party websites or platforms, and they are not governed by this Privacy Notice. If you visit third-party sites through the links we provide, the operators of those sites may collect information from you according to their own privacy policies. Before providing any personal data to those websites, please review their privacy policies. We do not accept any responsibility or liability for these policies or for any personal data that may be collected through these websites or services. 8. Data Security We have put in place appropriate technical and organizational security measures designed to protect your personal data against accidental, unlawful or unauthorized destruction, loss, alteration, access, disclosure or use. We protect your personal data from potential security breaches by implementing specific technological security measures, including encryption, firewalls, and secure layer technology. In addition, we limit access to your personal data to employees, agents, contractors, and other third parties who have a legitimate business need to know. They will only process your personal data on our instructions, and they are subject to a duty of confidentiality. 9. Data Retention We will not retain your personal information longer than necessary to fulfil the purposes for which the data was collected or to fulfil our legal obligations or necessary for the establishment, exercise of defence of legal claims or resolving disputes. We may retain your personal data for
a longer period in the event of a complaint or if we reasonably believe there is a prospect of litigation in respect to our relationship with you. To determine the appropriate retention period for personal data, we consider the amount, nature and sensitivity of the personal data, the potential risk of harm from unauthorised use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, accounting or other requirements. In some circumstances you can ask us to delete your data: see paragraph 11 below for further information. 10. Information collected from minors Our Services are intended for general audiences and are not designed to attract children under the age of 17 (“Minimum Age”). We do not collect personal information from children under Minimum Age without parental consent. If you believe that a minor under the age of Minimum Age is using our Services, please contact our support team. 11. Your privacy rights To the extent permitted by applicable data protection laws and regulations, you have the following rights in relation to your personal data: Request access to your personal data. This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it. Request correction of the personal data that we hold about you. This enables you to have any incomplete or inaccurate data we hold about you corrected, though we may need to verify the accuracy of the new data you provide to us. Request erasure of your personal data in certain circumstances. This enables you to ask us to delete or remove personal data where there is no good reason for us continuing to process it. You also have the right to ask us to delete or remove your personal data where you have successfully exercised your right to object to processing, where we may have processed your information unlawfully or where we are required to erase your personal data to comply with local law. Note, however, that we may not always be able to comply with your request of erasure for specific legal reasons which will be notified to you, if applicable, at the time of your request. Object to processing of your personal data where we are relying on a legitimate interest (or those of a third party) as the legal basis for that particular use of your data (including carrying out profiling based on our legitimate interests). Request the transfer of your personal data to you or to a third party. We will provide to you, or a third party you have chosen, your personal data in a structured, commonly used, machine-readable format. Withdraw consent at any time where we are relying on consent to process your personal data. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. Request restriction of processing of your personal data. This enables you to ask us
to suspend the processing of your personal data in one of the following scenarios: (i) If you want us to establish the data's accuracy; (ii) Where you believe our use of the data is unlawful but you do not want us to erase it; (iii) Where you need us to hold the data even if we no longer require it as you need it to establish, exercise or defend legal claims; or (iv) You have objected to our use of your data but we need to verify whether we have overriding legitimate grounds to use it. If you wish to exercise any of the rights set out above, please contact us – see below ‘How to contact us’. You will not have to pay a fee to access your personal data (or to exercise any of the other rights). However, we may charge a reasonable fee if your request is clearly unfounded, repetitive or excessive. Alternatively, we could refuse to comply with your request in these circumstances. What we may need from you We may need to request specific information from you to help us confirm your identity and ensure your right to access your personal data (or to exercise any of your other rights). This is a security measure to ensure that personal data is not disclosed to any person who has no right to receive it. We may also contact you to ask you for further information in relation to your request to speed up our response. 12. Complaints We hope we will be able to resolve any issues you may have. If you have a concern about how we use your personal data, we would like to work with you to resolve it. You have the right to make a complaint at any time to your local data protection authority, such as the Information Commissioner’s Office (ICO), the UK regulator for data protection issues (www.ico.org.uk). For a list of EEA data protection supervisory authorities and their contact details, see here. We would, however, appreciate the chance to deal with your concerns before you approach the relevant data protection authority so please contact us in the first instance. 13. Changes to the Privacy Notice and your duty to inform us changes We may update this Privacy Notice from time to time. The updated version will be indicated by an updated 'Revised' date and the updated version will be effective as soon as it is accessible. If we make material changes to this Privacy Notice, we may notify you either by prominently posting a notice of such changes or by directly sending you a notification. We encourage you to review this Privacy Notice frequently to be informed of how we are protecting your information. It is important that the personal data we hold about you is accurate and current. Please keep us informed of any changes to your personal data during your relationship with us, such as a new address or email.
14. How to contact us Questions, comments and requests regarding this Notice are welcomed and should be addressed to Clave, Privacy Team, privacy@clave.team or send a letter to 5 Beaufort Court, Admirals Way, London, United Kingdom, E14 9X. Clave’s GDPR Representative acts as the EU Representative for our users and visitors residing in the EEA. If you wish to contact your representative, you may email them at privacy@clave.team.