Privacy Policy

Last update: 16th March 2023
This is the privacy policy (“Privacy Policy”) for any application or web service owned or operated (collectively the “Platform”) provided by Candide Labs, individual company registered under DUNS number 279163959. In this policy, "we", "us" and "our" refers to CANDIDE Labs.

1. Introduction

This Privacy Policy explains who we are, why and how we process personal data collected through your use of the Platform and, if you are the subject of any of the personal data concerned, what rights you have and how to get in touch with us if you need to.
When you supply any personal data to us we have legal obligations towards you in the way we use that data. We must collect the information fairly and explain to you how we will use it. For ease of reading, we have divided this Privacy Policy into several sections:
  • Introduction
  • Your information on the blockchain
  • What information we collect
  • How and why we use/share your information
  • Security
  • International Data Transfers
  • Your rights
  • Contact details
It is important that you read this Privacy Policy together with any other privacy notice or fair processing notice that we may provide at or around the time that we collect or process personal data about you so that you are fully aware of how and why we are using that data. This Privacy Policy supplements other notices and legal documents including the Terms of Service (“Terms”) and is not intended to override or replace them.
If, for any reason, you do not agree to the terms of this Privacy Policy, please stop using the Platform. We reserve the right to revise or amend this Privacy Policy at any time to reflect changes to our business or changes in the law. Where these changes are significant we will endeavour to email all of our registered users to make sure that they are informed of such changes. Please note that the Platform is not intended for use by nor directed at anyone under the age of 18 and we do not knowingly collect data relating to children. If you believe we have collected personal information about your child, you may contact us at hello@candidewallet.com and request that we remove information about them.

2. Your information on the blockchain

Blockchain technology, also known as distributed ledger technology (or simply ‘DLT’), is at the core of CANDIDE Wallet. Blockchains are decentralized and made up of digitally recorded data in a chain of packages called ‘blocks’. The manner in which these blocks are linked is chronological, meaning that the data is very difficult to alter once recorded. Since the ledger may be distributed all over the world (across several ‘nodes’ which usually replicate the ledger) this means there is no single person making decisions or otherwise administering the system (such as an operator of a cloud computing system), and that there is no centralized place where it is located either. Accordingly, by design, a blockchains records cannot be changed or deleted and is said to be ‘immutable’. This may affect your ability to exercise your rights such as your right to erasure (‘right to be forgotten’), or your rights to object or restrict processing, of your personal data. Data on the blockchain cannot be erased and cannot be changed. Although smart contracts may be used to revoke certain access rights, and some content may be made invisible to others, it is not deleted. In certain circumstances, in order to comply with our contractual obligations to you (such as delivery of tokens) it will be necessary to write certain personal data, such as your wallet address, onto the blockchain; this is done through a smart contract and requires you to execute such transactions using your wallet’s private key. In most cases ultimate decisions to (i) transact on the blockchain using your wallet address, as well as (ii) share the public key relating to your wallet address with anyone (including us) rests with you. IF YOU WANT TO ENSURE YOUR PRIVACY RIGHTS ARE NOT AFFECTED IN ANY WAY, YOU SHOULD NOT TRANSACT ON BLOCKCHAINS AS CERTAIN RIGHTS MAY NOT BE FULLY AVAILABLE OR EXERCISABLE BY YOU OR US DUE TO THE TECHNOLOGICAL INFRASTRUCTURE OF THE BLOCKCHAIN. IN PARTICULAR THE BLOCKCHAIN IS AVAILABLE TO THE PUBLIC AND ANY PERSONAL DATA SHARED ON THE BLOCKCHAIN WILL BECOME PUBLICLY AVAILABLE

2. What information we collect

2.1 What is personal data?

Where this Privacy Policy refers to ‘personal data’ it is referring to data about you from which you could be identified – such as your name, your date of birth, or your contact details. By law all organisations who process your personal data in Europe are obliged to process your personal data in certain ways and to ensure that you are given an appropriate amount of information about how they use it. You also have various rights to seek information from those organizations about how they are using your data, and to prevent them from processing it unlawfully. For more information about these rights, please see the ‘Your Rights’ section of this Privacy Policy.

2.2 When visiting our website

When you use the Platform to register an account, fill in forms provided on the Platform, subscribe to our services or report a problem with the website, we may collect, store and use certain personal information that you disclose to us. The information we collect from you may include (but is not limited to): your IP address, email address, and feedback.

2.3 When using CANDIDE Wallet App

When using the CANDIDE Wallet App, we never collect and process any of your personal data. The data is stored in different instances and publicly accesible on the blockchain. On the Blockchain the following data will be stored:
  • your smart contract address of the CANDIDE Wallet;
  • transaction made with the CANDIDE Wallet contracts; and
  • ETH and token balance.
The data is needed to create the account and enable the user to make use of the app. The CANDIDE Wallet is a multi-signature wallet with a threshold of 1. Thus, the signer key owned accounts is needed to confirm a transaction before they are executed. The signer key is locally saved on your device and never shared with us or any other 3rd party service. The data will be stored on the Blockchain. Given the technological design of the blockchain, as explained in section 2, this data will become public and it will not likely be possible to delete or change the data at any given time.
We may also collect information about how you use the Platform through Google Play’s Android Advertising ID technology and Apple iOS’s Advertising Identifier. This is used only by us and our trusted third party service providers (see “Service Providers”  below) for advertising and user analytics. The advertising identifier will only be connected to personally identifiable information where you have provided us with your explicit consent.
We will respect your user selections for this technology and will not use the data in any way which you have asked us not to. We are committed to abiding by Google and Apple’s terms of use and you may contact us (at hello@candidewallet.com), Google or Apple directly if you have any questions regarding our use of this technology. Updating your information If you want to update the information you have previously given to us, you can contact us at hello@candidewallet.com

3. How and why we use/share your information

Lawful basis for processing your information We will only use your personal data when the law allows us to. Most commonly we will use your personal data in the following circumstances:
  • Where you have asked us to do so, or consented to us doing so
  • Where we need to do so in order to perform a contract we have entered into with you
  • Where it is necessary for our legitimate interests (or those of a third party) and your fundamental rights do not override those interests;
  • Where we need to comply with a legal or regulatory obligation

Marketing

You will receive marketing messages from us if you have given us your consent to do so or if you have provided feedback on our Platform and have not opted out of receiving marketing messages (and it is within our legal rights, when balanced against your rights and freedoms as an individual, to serve you with marketing). To unsubscribe from marketing emails at any time, please click on the unsubscribe link at the bottom of any marketing email and update your account preferences. You may also contact us to inform us if you do not wish to receive any marketing materials from us.

Service Providers

Our service providers provide us with a variety of administrative, statistical, and technical services. We will only provide service providers with the minimum amount of personal data they need to fulfill the services we request, and we stipulate that they protect this information and do not use it for any other purpose. We take these relationships seriously and oblige all of our data processors to sign contracts with us that clearly set out their commitment to respecting individual rights, and their commitments to assisting us to help you exercise your rights as a data subject.

Other Disclosures

During your use of the Platform, your app store provider and mobile network operator may also collect personal information about you regarding your use of the Platform such as your identity, your usage and location. These third parties shall act as separate and independent controllers of that personal data and shall process it in accordance with their own privacy policy. Links to third party sites The Platform may, from time to time, contain links to and from the websites of our partner networks, advertisers and affiliates. We may also provide links to third party websites that are not affiliated with the Platform. Third party websites are out of our control and are not covered by this Privacy Policy. If you access third party sites using the links provided, the operators of these sites may collect information from you that could be used by them, in accordance with their own privacy policies. Please check these policies before you submit any personal data to those websites.

4. Security

Candide takes the protection of your information very seriously. We have put in place appropriate physical, electronic and managerial security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorised way, altered or disclosed, including use of secure servers, passwords and industry standard encryption for data. Where we have given you a password that enables you to access certain parts of our Platform, you are responsible for keeping this password confidential. We ask you not to share a password with anyone. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality. We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.

5. International Data Transfers

Please note that some of our service providers may be based outside of the European Economic Area (the “EEA”). These service providers may work for us or for one of our suppliers and may be engaged in, among other things, the fulfilment of your request for information, products and services, the processing of your payment details and the provision of support services. Where we transfer your data to a service provider that is outside of the EEA we seek to ensure that appropriate safeguards are in place to make sure that your personal data is held securely and that your rights as a data subject are upheld. Transfers of personal data are either made:
  • to a country recognized by the European Commission as providing an adequate level of protection; or
  • to a country which does not offer adequate protection but whose transfer has been governed by the standard contractual clauses of the European Commission, by implementing other appropriate cross-border transfer solutions to provide adequate protection.
If you would like more information about the mechanism via which your personal data is transferred please contact hello@candidewallet.com

7. Your Rights

As a data subject you have a number of rights in relation to your personal data. Below, we have described the various rights that you have as well as how you can exercise them. Right of Access You may, at any time, request access to the personal data that we hold which relates to you (you may have heard of this right being described as a “subject access request”). Please note that this right entitles you to receive a copy of the personal data that we hold about you in order to enable you to check that it is correct and to ensure that we are processing that personal data lawfully. It is not a right that allows you to request personal data about other people, or a right to request specific documents from us that do not relate to your personal data. You can exercise this right at any time by writing to us using the contact details set out here and telling us that you are making a subject access request. You do not have to fill in a specific form to make this kind of request.

Your Right to Rectification and Erasure

You may, at any time, request that we correct personal data that we hold about you which you believe is incorrect or inaccurate. Please note that we may ask you to verify any new data that you provide to us and may take our own steps to check that the new data you have supplied us with is right. You may also ask us to erase personal data that we control if you do not believe that we need to continue retaining it (you may have heard of this right described as the “right to be forgotten”).
Although we will do everything to respect your request and personal data it may not always be possible to erase all of your personal data as there may be legal requirements to keep certain personal data or technical limitations to the data we can delete; for example, we are not able to satisfy requests to erase records and information recorded on the blockchain, including, but not limited to, your chosen user name, your transaction history and your account balance.
There may also be legitimate interests in keeping certain data including, amongst others, if the data is required for the Platform to function. If this is the case we will continue to process this data. If erasure is not technically possible or we believe that we have a good legal reason to continue processing personal data that you ask us to erase we will tell you this and our reasoning at the time we respond to your request. You can exercise this right at any time by writing to us using the contact details set out here and telling us that you are making a request to have your personal data rectified or erased and on what basis you are making that request. If you want us to replace inaccurate data with new data, you should tell us what that new data is. You do not have to fill in a specific form to make this kind of request.

Your Right to Restrict Processing

Where we process your personal data on the basis of a legitimate interest you are entitled to ask us to stop processing it in that way if you feel that our continuing to do so impacts on your fundamental rights and freedoms or if you feel that those legitimate interests are not valid. You may also ask us to stop processing your personal data
  • if you dispute the accuracy of that personal data and want us verify that data’s accuracy;
  • where it has been established that our use of the data is unlawful but you do not want us to erase it;
  • where we no longer need to process your personal data (and would otherwise dispose of it) but you wish for us to continue storing it in order to enable you to establish, exercise or defend legal claims.
Please note that if for any reason we believe that we have a good legal reason to continue processing personal data that you ask us to stop processing, we will tell you what that reason is, either at the time we first respond to your request or after we have had the opportunity to consider and investigate it.
You can exercise this right at any time by writing to us using the contact details set out here and telling us that you are making a request to have us stop processing the relevant aspect of your personal data and describing which of the above conditions you believe is relevant to that request. You do not have to fill in a specific form to make this kind of request.

Your Right to Portability

Where you wish to transfer certain personal data that we hold about you, which is processed by automated means, to a third party you may write to us and ask us to provide it to you in a commonly used machine-readable format. Because of the kind of work that we do and the systems that we use, we do not envisage this right being particularly relevant to the majority of individuals with whom we interact. However, if you wish to transfer your data from us to a third party we are happy to consider such requests.

Your Right to object to processing

You may object to processing of your personal data where we rely on legitimate interest for processing that personal data. We will comply with your request unless we have a compelling overriding legitimate interest for processing or we need to continue processing your personal data to establish, exercise or defend a legal claim.

Your Right to stop receiving communications

For details on your rights to ask us to stop sending you various kinds of communications, please contact us. Your Right to object to automated decision making and profiling You have the right to be informed about the existence of any automated decision making and profiling of your personal data, and where appropriate, be provided with meaningful information about the logic involved, as well as the significance and the envisaged consequences of such processing that affects you.

Withdrawal of consent

Where we are relying on consent to process your personal data you may withdraw consent at any time. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide certain products or services to you. We will advise you if this is the case at the time you withdraw your consent.

Exercising your rights

When you write to us making a request to exercise your rights we are entitled to ask you to prove that you are who you say you are. We may ask you to provide copies of relevant ID documents to help us to verify your identity, or sign a message to verify your identity to your account. It will help us to process your request if you clearly state which right you wish to exercise and, where relevant, why it is that you are exercising it. The clearer and more specific you can be, the faster and more efficiently we can deal with your request. If you do not provide us with sufficient information then we may delay actioning your request until you have provided us with additional information (and where this is the case we will tell you).

8. Contact Details

If you have any queries regarding this Privacy Policy, if you wish to exercise any of your rights set out above or if you think that the Privacy Policy has not been followed, please contact us by emailing at hello@candidewallet.com