We are Nature DAO Ltd. We are a company registered in England and Wales with company number
13895251,
whose registered address is at Pheasants Rise, Frieth Road, Marlow SL7 2JQ. In this privacy
notice, we
will refer to ourselves as ‘we’, ‘us’ or ‘our’.
You can get hold of us in any of the following ways:
- by e-mailing us at info@nature-dao.com; or
- by writing to us at Pheasants Rise, Frieth Road, Marlow SL7 2JQ.
We take the privacy, including the security, of personal information we hold about you
seriously. This
privacy notice is designed to inform you about how we collect personal information about you and
how we
use that personal information. You should read this privacy notice carefully so that you know
and can
understand why and how we use the personal information we collect and hold about you.
We may issue you with other privacy notices from time to time, including when we collect
personal
information from you. This privacy notice is intended to supplement these and does not override
them.
We may update this privacy notice from time to time. This version was last updated on 10th June
2022.
-
Key Definitions
The key terms that we use throughout this privacy notice are defined below, for ease:
Data Controller: under UK data protection law, this is the organisation or person
responsible for
deciding how personal information is collected and stored and how it is used.
Data Processor: a Data Controller may appoint another organisation or person to carry
out certain
tasks in relation to the personal information on behalf of, and on the written instructions
of, the Data
Controller. (This might be the hosting of a site containing personal data, for example, or
providing an
email marketing service that facilitates mass distribution of marketing material to a Data
Controller’s customer-base.)
Personal Information: in this privacy notice we refer to your personal data as
‘personal
information’. ‘Personal information’ means any information from which a
living
individual can be identified. It does not apply to information which has been anonymised.
Special Information: certain very sensitive personal information requires extra
protection under
data protection law. Sensitive data includes information relating to health, racial and
ethnic origin,
political opinions, religious and similar beliefs, trade union membership, sex life and
sexual
orientation and also includes genetic information and biometric information.
-
Details of personal information which we collect and hold about you
-
Set out below are the general categories and in each case the types of personal
information which we
collect, use and hold about you:
General Category |
Types of Personal Data in that category |
Retention Periods |
Identity Information |
This is information relating to your identity such as your name (including any
previous names and
any titles which you use), and date of birth
|
As long as you continue to be a user of Nature DAO, and 5 years afterwards,
unless you request for
deletion.
|
Contact Information |
This is information relating to your contact details such as e-mail address and
telephone numbers
|
As long as you continue to be a user of Nature DAO, and 5 years afterwards,
unless you request for
deletion.
|
Account Information |
This is information relating to your account with us (including username and
password)] |
As long as you continue to be a user of Nature DAO, and 5 years afterwards,
unless you request for
deletion.
|
Linked Wallet and Paymentent Methods (crypto wallets, bank accounts,
credit/debit cards, or
others)
|
This is information relating to the methods by which you provide payment to us
such as [bank
account details, credit or debit card details] and details of any payments
(including amounts and
dates) which are made between us.
|
As long as you continue to be a user of Nature DAO, and 5 years afterwards,
unless you request for
deletion.
|
Transaction Information |
This is information relating to transactions between us such as details of the
goods, services
and/or digital content provided to you and any returns details.]
|
As long as you continue to be a user of Nature DAO, and 5 years afterwards,
unless you request for
deletion.
|
Website, Device and Technical Information |
This is information about your use of our website and technical data which we
collect (including
your IP address, the type of browser you are using and the version, the
operating system you are
using, details about the time zone and location settings on the device and other
information we
receive about your device)]
|
As long as you continue to be a user of Nature DAO, and 5 years afterwards,
unless you request for
deletion.
|
-
The types of personal data we collect about you may differ from person to person,
depending on who you
are and the relationship between us.
- We do not collect information from you relating to criminal convictions or offences.
-
Details of how and why we use personal information
-
We are only able to use your personal information for certain legal reasons set out in
data protection
law. There are legal reasons under data protection law other than those listed below,
but in most
cases, we will use your personal information for the following legal reasons:
-
Contract Reason: this is in order to perform our obligations to you under a contract
we have entered
into with you;
-
Legitimate Interests Reason: this is where the use of your personal information is
necessary for our
(or a third party’s) legitimate interests, so long as that legitimate interest
does not
override your fundamental rights, freedoms or interests.
-
Legal Obligation Reason: this is where we have to use your personal information in
order to perform
a legal obligation by which we are bound; and
-
Consent Reason: this is where you have given us your consent to use your personal
information for a
specific reason or specific reasons.
-
So that we are able to provide you with services, we will need your personal
information. If you do
not provide us with the required personal information, we may be prevented from
supplying all the
services we offer
-
It is important that you keep your personal information up to date. If any of your
personal
information changes, please contact us as soon as possible to let us know. If you do not
do this then
we may be prevented from supplying the services.
-
Where we rely on consent for a specific purpose as the legal reason for processing your
personal
information, you have the right under data protection law to withdraw your consent at
any time. If you
do wish to withdraw your consent, please contact us using the details set out at the
beginning of this
notice. If we receive a request from you withdrawing your consent to a specific purpose,
we will stop
processing your personal information for that purpose, unless we have another legal
reason for
processing your personal information, in which case, we will confirm that reason to you.
-
Sometimes we may anonymise personal information so that you can no longer be identified
from it and
use this for our own purposes. In addition, sometimes we may use some of your personal
information
together with other people’s personal information to give us statistical
information for our own
purposes. Because this is grouped together wither other personal information and you are
not
identifiable from that combined data we are able to use this.
-
Under data protection laws we can only use your personal information for the purposes we
have told you
about, unless we consider that the new purpose is compatible with the purpose(s) which
we told you
about. If we want to use your personal information for a different purpose which we do
not think is
compatible with the purpose(s) which we told you about then we will contact you to
explain this and
what legal reason is in place to allow us to do this.
-
Details about who personal Information may be shared with
-
We may need to share your personal information with other organisations or people. These
organisations
include:
-
Other companies in our group (who may might act as joint data controllers or as data
processors on
our behalf) and who [describe the services they provide which require them to have
access to
personal information, e.g. IT services, or describe the reasons it may be shared
with them, e.g. for
management reporting.
- Third parties who are not part of our group. These may include:
-
Suppliers: such as IT support services, payment providers, administration
providers, marketing
agencies
- Our advisors: such as lawyers, accountants, auditors, insurance companies
- Our bankers
- E-mail platforms
-
any organisations which propose to purchase our business and assets in which case we
may disclose
your personal information to the potential purchaser.
-
Depending on the circumstances, the organisations or people who we share your personal
information
with will be acting as either Data Processors or Data Controllers. Where we share your
personal
information with a Data Processor we will ensure that we have in place contracts, which
set out the
responsibilities and obligations of us and them, including in respect of security of
personal
information.
- We do not sell or trade any of the personal information which you have provided to us.
- Details about transfers to countries outside of the EEA
-
If any transfer of personal information by us will mean that your personal information
is transferred
outside of the EEA then we will ensure that safeguards are in place to ensure that a
similar degree of
protection is given to your personal information, as is given to it within the EEA and
that the
transfer is made in compliance with data protection laws (including where relevant any
exceptions to
the general rules on transferring personal information outside of the EEA which are
available to us
– these are known as ‘derogations’ under data protection laws). We may
need to
transfer personal information outside of the EEA [to other organisations within our
group or] [to the
third parties listed above in section 4 who may be located outside of the EEA.
-
The safeguards set out in data protection laws for transferring personal information
outside of the
EEA include:
-
where the transfer is to a country or territory which the EU Commission has approved
as ensuring an
adequate level of protection;
-
where personal information is transferred to another organisation within our group,
under an
agreement covering this situation which is known as “binding corporate
rules”;
- having in place a standard set of clauses which have been approved by the EU
Commission;
-
compliance with an approved code of conduct by a relevant data protection
supervisory authority (in
the UK, this is the Information Commissioner’s Office (ICO);
- certification with an approved certification mechanism;
-
where the EU Commission has approved specific arrangements in respect of certain
countries, such as
the US Privacy Shield, in relation to organisations which have signed up to it in
the USA.
- Details about how long we will hold your personal information
-
We will only hold your personal data for as long as is necessary. How long is necessary
will depend
upon the purposes for which we collected the personal information and whether we are
under any legal
obligation to keep the personal information. We may also need to keep personal
information in case of
any legal claims.
-
We have set out above the details of our retention periods for different types of data.
You can find
them in in section 2.
- Automated decision making
-
‘Automated decision making’ is where a decision is automatically made
without any human
involvement. Under data protection laws, this includes profiling.
‘Profiling’ is the
automated processing of personal data to evaluate or analyse certain personal aspects of
a person
(such as their behaviour, characteristics, interests and preferences).
-
Data protection laws place restrictions upon us if we carry out automated decision
making (including
profiling) which produces a legal effect or similarly significant effect on you.
-
We do carry out automated decision making (including profiling) which produces a legal
effect or
similarly significant effect on you. If we do decide to do this then we will notify you
and we will
inform you of the legal reason we are able to do this.
- YOUR RIGHTS UNDER DATA PROTECTION LAW
-
Under data protection laws you have certain rights in relation to your personal
information, as
follows:
-
Right to request access: (this is often called ‘subject access’). This
is the right to
obtain from us a copy of the personal information which we hold about you. We must
also provide you
with certain other information in response to these requests to help you understand
how your
personal information is being used.
-
Right to correction: this is the right to request that any incorrect personal data
is corrected and
that any incomplete personal data is completed.
-
Right to erasure: (this is often called the “right to be
forgotten”).This right only
applies in certain circumstances. Where it does apply, you have the right to request
us to erase all
of your personal information.
-
Right to restrict processing:this right only applies in certain circumstances. Where
it does apply,
you have the right to request us to restrict the processing of your personal
information.
-
Right to data portability: this right allows you to request us to transfer your
personal information
to someone else.
-
Right to object: you have the right to object to us processing your personal
information for direct
marketing purposes. You also have the right to object to us processing personal
information where
our legal reason for doing so is the Legitimate Interests Reason (see section 4
above) and there is
something about your particular situation which means that you want to object to us
processing your
personal information. In certain circumstances you have the right to object to
processing where such
processing consists of profiling (including profiling for direct marketing).
-
In addition to the rights set out in section 10.1, where we rely on consent as the legal
reason for
using your personal information, you have the right to withdraw your consent. Further
details about
this are set out in section 4.5.
-
If you want to exercise any of the above rights in relation to your personal
information, please
contact us using the details set out at the beginning of this notice. If you do make a
request then
please note:
- we may need certain information from you so that we can verify your identity;
-
we do not charge a fee for exercising your rights unless your request is unfounded
or excessive; and
- if your request is unfounded or excessive then we may refuse to deal with your
request.
- Marketing
-
You may receive marketing from us about similar goods and services, where either you
have consented to
this, or we have another legal reason by which we can contact you for marketing
purposes.
-
However, we will give you the opportunity to manage how or if we market to you. In any
e-mail which we
send to you, we provide a link to either unsubscribe or opt-out, or to change your
marketing
preferences. To change your marketing preferences, and/or to request that we stop
processing your
personal information for marketing purposes , you can always contact us on the details
set out at the
beginning of this notice.
-
If you do request that we stop marketing to you, this will not prevent us from sending
communications
to you which are not to do with marketing (for example in relation to services which you
have
purchased from us).
- We do not pass your personal information on to any third parties for marketing purposes.
- Complaints
If you are unhappy about the way that we have handled or used your personal information, you
have the
right to complain to the UK supervisory authority for data protection, which is the Information
Commissioner’s Office (ICO). Please do contact us in the first instance if you wish to
raise any
queries or make a complaint in respect of our handling or use of your personal information, so
that we
have the opportunity to discuss this with you and to take steps to resolve the position. You can
contact
us using the details set out at the beginning of this privacy notice.
- Third Party Websites
Our website may contain links to third party websites. If you click and follow those links then
these will
take you to the third party website. Those third party websites may collect personal information
from you
and you will need to check their privacy notices to understand how your personal information is
collected
and used by them.