1. UTU AND DATA PRIVACY
Where law or regulation requires us to provide you with a notice, or other explanation of the information about you that we collect and process (or similar), this Privacy Notice shall be understood as fulfilling our obligation to provide you with such notice or explanation.
2. INFORMATION THAT UTU COLLECTS
In addition to the personal data you make publicly accessible on UTU, we collect certain personal data which is not generally publicly accessible. As explained below, we only process your non-publicly accessible personal data to the extent required for platform administration and certain other limited uses which are necessary for the services we provide to you.
2.1 INFORMATION THAT IS PUBLICLY ACCESSIBLE
It is important to remember that most information on UTU is accessible to all. Information that is publicly accessible includes the following:
- Certain information you give us when you sign-up for an account. This includes:
- Your full name.
- The photo you provide to us to use as your profile photo.
- Information that you or others post on UTU. This may be text, images, videos or other material. This includes:
- Your posts and NFTs
- Your comments on your own posts and on other users’ posts.
- Responses to comments.
- Information about actions you take on UTU. This includes:
- The content that you engage with (for example, by liking or removing like).
- The features that you use.
- The actions you take in relation to content (for example, sharing or commenting).
- The actions you take in relation to communities (for example, joining or sharing).
- The actions you take in relation to other users (for example, blocking or unblocking).
- The actions you take in relation to tokens (for example, using UTU or other DAC tokens).
2.1.1 HOW IS PUBLICLY ACCESSIBLE DATA STORED AND PROCESSED
One key part of the operation of UTU is the EOSIO blockchain. Records of all posts made by users on UTU, as well as records of all actions taken by users on UTU, are published on the EOSIO blockchain and are associated only with a pseudonymized UTU ID. The EOSIO blockchain forms a permanent, uneditable and auditable catalogue of all posts and actions which will persist even if we delete other information that we hold about you.
The EOSIO blockchain does not include a clear copy of the content of posts and comments. Anyone looking directly at the EOSIO blockchain will instead see a “hash”, which is a shortened cryptographic representation of this content. We can use the hash to validate posts. Actions, such as when you ‘Like’ another user’s post, are recorded on the blockchain in a clear way, so that everyone can understand what actions have been taken. Hashed posts and comments, and recorded actions, are all associated only with a pseudonymized UTU ID and not with any personal identifiers such as your username or your actual name.
Please remember that it is possible for third parties to take information which is publicly accessible on UTU and use it without our knowledge. This is outside of our control and any such use is beyond the remit of this Privacy Notice. Depending on your place of residence, such third parties may be obliged to notify you if they have obtained your personal data in this way.
2.2. INFORMATION THAT IS NOT PUBLICLY ACCESSIBLE
We process certain information about you which is not publicly accessible:
- Certain information that we collect as part of the sign-up process. This may include:
- Your preferred name.
- Human signup information, through a liveness and face detection software, that is used to verify that you are real and physically present. It makes this assessment based on the ‘selfie’ that you upload.
- Other identifying or contact information you provide to us.
- Information you otherwise provide to us. This includes:
- Information you provide in any emails or other correspondence you send to us.
- Information you provide in submitting early request access or other form.
- Information that our platform and other systems collect about you.
- When you use or visit UTU, it will automatically collect some information about you and your visit, including Internet and network activity such as the Internet Protocol (IP) address (which may provide information about your location) used to connect your device to the Internet and some other information such as your device model, the screens that you visit as well as the timing, length, frequency of each visit.
- UTU may also download “cookies” to your device. For more information about cookies, please refer to our separate Cookie Notice.
- If you exchange emails or other electronic communications with our employees and other staff members, our information technology systems may record details of those conversations, sometimes including their content.
- Information that we collect from any identity and address verification third-party service provider.
- During the human signup process, a liveness check will be undertaken to establish that you are a living person and matched to the ‘selfie’ you have submitted. This is to ensure that you are a real person (not a bot) and also prevent duplicate accounts.
- Other information.
- We may also collect certain information from other sources. For example, we sometimes collect information from third-party data providers or publicly available sources for anti-money-laundering, background checking and similar purposes, and to protect our business and comply with our legal and regulatory obligations.
- We do not market to and do not knowingly collect any Personal Data from or about a child under the age of 18 without the consent of the child’s parent or legal guardian. UTU is not intended for children under the age of 18. Children under the age of 18 must not use UTU for any purpose. If you believe we have any Personal Data from any children under the age of 18 without such parental/guardian consent, please contact us at the email address specified below.
- We do not sell any of your information to anyone, and we never will without your consent. We also impose strict restrictions on how our partners can use and disclose the data we provide.
3. HOW WE MAY USE YOUR INFORMATION AND BASIS OF PROCESSING
|Information||Lawful Basis||Purpose of Processing|
|Registration and Log-in Data||Contract||to create your user account;|
to login to your account;
notify you of changes to UTU;
provide user support;
to enforce UTU terms, conditions and policies;
to communicate with you;
to develop new and improve existing services;
administer the platform including troubleshooting;
to enable you to share content and interact with others;
to provide language and location customization;
to detect abuse, fraud and illegal activity on UTU.
|Human signup process||Given that this involves collection of biometric data the lawful basis under article 6 of GDPR is Contract & under article 9 is explicit consent||use of face image and ‘selfie’ to authenticate user is human (prevent bot accounts);|
prevent duplicate accounts;
ensure individual that has been removed from UTU due to non-adherence to Ground Rules is not readmitted.
|Shared Information||Contract||to manage the UTU platform in accordance with your instructions and requests (including posting, liking, sharing, commenting on content, whether yours or other users);|
to provide personalized help and instructions;
to provide language and location customization;
to develop new and improve existing services;
administer the platform including troubleshooting;
ensure content is presented is the most appropriate format for your device.
|Security and investigations||Legitimate Interest: Security and protection of data||To operate, administer, secure and improve UTU, and other aspects of the way in which we conduct our operations to promote safety and security;|
to communicate with you, on Service-related issues;
verify accounts and activity (This includes processing data for identity verification purposes and in order to confirm that the same user does not have more than one account or prevent the user from signing up to the platform again if they have removed due to misuse);
prevent harmful conduct or illegal content;
to protect our business from fraud, money-laundering, breach of confidence, theft of proprietary materials and other financial or business crimes;
|Customer Support||Legitimate interest: respond, resolve and investigate customers’ queries/complaints||to answer any users queries|
to resolve accounts issues.
|Sharing with law enforcement/legal requests||Legal Obligation||to comply with valid legal requests;|
to comply with our legal and regulatory obligations.
|Protection of interests of an individual||Vital Interests||protection of your life or physical integrity or that of others;|
to combat harmful conduct;
to promote safety and security.
|Marketing Information||Consent||send emails with details about products/services that may be of interest to you.|
|Data Analytics||Consent||provision of data analytics to third parties based on information available on the EOSIO Blockchain relating to your interactions with the platform and other information about your use of UTU.|
4. DISCLOSURE AND INTERNATIONAL TRANSFER OF YOUR INFORMATION
We may disclose personal data about you:
- To our suppliers, subcontractors and service providers who need access to the data to assist us with operating UTU. They include service providers who host our information technology systems, or otherwise hold or process your information on our behalf, under appropriate conditions of confidentiality and security. We endeavour to only share the minimum amount of Personal Data that these service providers need to perform their tasks;
- To a person who intends to or is taking over our business and assets, or relevant parts of them, due to a prospective or concluded merger, sale, acquisition, divestiture, restructuring, reorganization, dissolution, bankruptcy, or other change of ownership or control;
- To regulatory, prosecuting and other governmental agencies, courts or authorities or litigation counterparties, in any country or territory; and
These disclosures may involve transferring your personal data to any of our offices overseas for processing in accordance with this Privacy Notice and as permitted by the applicable laws. If you are dealing with us within the European Economic Area (EEA) or the United Kingdom (UK), you should be aware that this may include transfers to countries outside the EEA / UK. Such intra-organisational transfers are based on approved mechanisms.
Where we rely on our service providers located outside of your jurisdiction and acting as data processors, we ensure that they are subject to laws ensuring an adequate level of data protection as set out in an applicable adequacy decision of the relevant regulatory authority (which may include the EU-U.S. Privacy Shield) or will ensure that an adequate level of data protection will be available on the basis of standard contractual clauses that will allow you to directly enforce your rights as a third-party beneficiary.
5. SECURITY OF YOUR INFORMATION
The security of your information is important to us. We have implemented appropriate technical, physical and administrative security measures intended to protect your Personal Data from unauthorized access, disclosure, alteration or destruction. We limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality.
6. Automated decision-making
We use personal data to make automated decisions relating to use of our services. This includes:
- Human signup through a software that will decide whether the user is physically present and is a unique human on the UTU platform. Where it is determined that the user is not, the account will be rejected.
7. RIGHTS OF INDIVIDUALS IN CERTAIN PLACES
If you are located in certain places, you may have some or all of the following rights pursuant to data protection or privacy laws that apply to you:
- A right of access to the personal data that we hold about you, and information related to how we process your data. Such related information includes information on the categories of data, the sources from which it originated, the purpose and legal basis for the processing, the expected retention period, the recipients of your Personal Data, and the safeguards regarding data transfers to other jurisdictions, subject to the limitations set out in applicable laws and regulations.
- A right to require any inaccurate personal data that we hold about you to be corrected or deleted.
- A right to ask us to delete your personal data. We will decline your request for deletion if processing your Personal Data is necessary: (i) to comply with our legal obligations such as fraud detection and monitoring; (ii) or being required to perform a task in the public interest; (iii) in pursuit of a legal action; (iv) for exercising the right of freedom of expression and information; and (v) for archiving purposes in the public interest, scientific research historical research or statistical purposes where erasure is likely to render impossible or seriously impair the achievement of that processing.
- A right to ask how your personal data has been shared, if at all, with third parties for the third parties’ direct marketing purposes, as well as to object to our use of your personal data for direct marketing purposes at any time.
- A right to object to our processing of some or all of your personal data —based on our legitimate interest (or that of a third party) — on the basis that it impacts on your fundamental rights and freedoms.
- A right to restrict our processing of some or all of your personal data if:
- you dispute the accuracy of your personal data;
- your personal data was processed unlawfully and you request a limitation on processing, rather than the deletion of your personal data;
- we no longer need to process your personal data, but you require your personal data in connection with a legal claim; or
- you object to the processing pending verification as to whether an overriding legitimate ground for such processing exists.
We may continue to store your personal data to the extent processing is required or based on one of the following bases: with your consent; for the establishment, exercise or defence of legal claims; for the protection of the rights of another natural or legal person; or for reasons of important public interest.
- A right to data portability, which means you may receive your personal data in a structured, commonly used and machine-readable format. However, you may only exercise this right if the processing of your data is based on your consent or carried out by automated means.
- A right to withdraw, at any time, any consent that you gave us to process your data. Your consent withdrawal will not affect the lawfulness of the processing done before the withdrawal.
If you wish to exercise any of these rights that apply to you, please contact us. When exercising any of these rights, you will have to prove your identity to our satisfaction so that we can make sure that they apply to you and to safeguard your information from unauthorized access by someone impersonating you.
In the event where you do not have the benefit of a particular right (whether stated above or not) or we do not have to comply with a particular obligation, we may nevertheless without obligation and in our sole discretion grant you the benefit of such right or choose to fulfil such obligation but are under no continuing obligation to do so.
You may also be able to lodge a complaint about our processing of your personal data with the body regulating data protection in your country, where you live or work, or the location where the data protection issue arises but we would invite you to attempt to resolve the issue with us first.
8. DO NOT TRACK
Certain devices you may use to access UTU may permit you to submit your preference that you do not wish to be “tracked” online. We do not currently commit to responding to these submissions, in part, because no common industry standard for “do not track” has been adopted by industry groups, technology companies, or regulators. We will make efforts to monitor developments around “do not track” technology and the implementation of a standard.
9. Contact Us
We welcome questions, comments and requests regarding this Privacy Notice and our processing of personal data. Please visit our website to contact us.
Please also contact us if you have a disability and require this Privacy Notice in an alternate format.
10. CHANGES TO THIS PRIVACY NOTICE
Any changes we make to this Privacy Notice in the future will be made available on UTU and also available if you contact us. Please check back frequently to see any changes. To the extent permitted by law, by continuing to use UTU after changes have been posted, you are confirming that you have read and understood the latest version of this Notice.
If you do not agree with any of the statements set out in this Privacy Notice, you should stop using UTU in any way.
Date of Last Update: May 19, 2021