11/01/2022
Last update: November
This privacy policy ("Policy") describes how Palm NFT Studio, Inc. ("Company", "we", "our", or "us") collects, uses, shares, and stores personal information of users of its websites, palm.io, app.palm.io, docs.palm.io, marketplace.obilum.art, and explorer.palm.io (the "Sites"). This Policy applies to the Sites, applications, products, and services (collectively, "Services") whenever the Policy is posted, linked, or referenced.
By using the Services, you accept the terms of this Policy and our Terms of Use, and consent to our collection, use, disclosure, and retention of your information as described in this Policy. If you have not done so already, please also review our terms of use. The terms of use contain provisions that limit our liability to you and require you to resolve any dispute with us on an individual basis and not as part of any class or representative action. IF YOU DO NOT AGREE WITH ANY PART OF THIS PRIVACY POLICY OR OUR TERMS OF USE, THEN PLEASE DO NOT USE ANY OF THE SERVICES.
Please note that this Policy does not apply to information collected through third-party websites or services that you may access through the Services, including through any application or content that may link to or be accessible from or on the Sites, or that you submit to us through email, text message or other electronic message or offline.
If you are visiting the Sites from the European Union (EU), see our Notice to EU Data Subjects below for our legal bases for processing and transfer of your data.
We get information about you in a range of ways.
Information You Give Us. Information we collect from you may include:
If you choose to engage in certain financial transactions, we may require you to provide further information to enable us to verify your identity and meet our Know Your Customer (KYC) and/or anti-money laundering (AML) obligations. Such information may include your nationality, full residential address, social security number, Passport number or other government ID and country, state or locality of issuance, place of birth, employer and occupation, image of a government-issued photo ID, and a selfie image for use in matching to the ID image (which may involve the use of facial recognition technology). Note that this additional identity verification information is processed on our behalf by our service provider, SardineAI Corp. ("Sardine") (https://www.sardine.ai).
Information We Get From Others. We may get information about you from other third party sources and we may add this to information we get from your use of the Services. Such information may be obtained from publicly available sources, marketing partners, or other third party partners.
Information Automatically Collected. We automatically record certain information about how you use our Sites (we refer to this information as "Log Data"). Log Data includes information such as a user's Internet Protocol (IP) address, device and browser type, operating system, the pages or features of our Sites to which a user browsed and the time spent on those pages or features, the frequency with which the Sites are used by a user, search terms, the links on our Sites that a user clicked on or used, and other statistics. We use this information to administer the Service and we analyze (and may engage third parties to analyze) this information to improve and enhance the Service by expanding its features and functionality and tailoring it to our users' needs and preferences.
We and our third party service providers use cookies, pixels, local storage or similar technologies to collect personal information (such as the pages you visit, the links you click on, and similar usage information, identifiers, and device information) when you use our Sites, including personal information about your online activities over time and across different websites or online services. This information is used to store your preferences and settings, enable you to sign-in, analyze how our Sites perform, track your interaction with the Sites, develop inferences, deliver and tailor interest-based advertising, combat fraud, and fulfill other legitimate purposes. A cookie is a small file placed on the hard drive of your computer. A cookie can later be read when your browser connects to a web server in the same domain that placed the cookie. The text in a cookie contains a string of numbers and letters that may uniquely identify your device and can contain other information as well. This allows the web server to recognize your browser over time, each time it connects to that web server.
For example, we use Google Analytics, acting as our service provider, to help us offer you an optimized user experience. You can find more information about Google Analytics' use of your personal data here: https://www.google.com/analytics/terms/us.html. Our Sites may also contain cookies from our service provider, Sardine, that processes identity verification information required for our KYC and AML obligations described above.
Users can control the use of cookies and local storage at the individual browser level and you may refuse to accept browser cookies by activating the appropriate setting on your browser. However, if you select this setting you may be unable to access certain parts of the Sites. Unless you have adjusted your browser setting so that it will refuse cookies, our system will issue cookies when you direct your browser to the Sites. For more information, please see our Cookies Policy.
Information we will never collect. We will never ask you to share your private keys or wallet seed. Never trust anyone or any site that asks you to enter your private keys or wallet seed.
We will use your personal information in the following ways:
We use your personal information as we believe necessary or appropriate to comply with applicable laws (including anti-money laundering (AML) laws and know-your-customer (KYC) requirements), lawful requests and legal process, such as to respond to subpoenas or requests from government authorities.
We use your personal information to communicate about promotions, upcoming events, and other news about products and services offered by us and our selected partners.
In order to optimize your user experience, we may use your personal information to operate, maintain, and improve our Services. We may also use your information to respond to your comments and questions regarding the Services, and to provide you and other users with general customer service.
We may use or share your personal information with your consent, such as when you consent to let us post your testimonials or endorsements on our Sites, you instruct us to take a specific action with respect to your personal information, or you opt into third party marketing communications.
We may use your personal information to protect, investigate, and deter against fraudulent, unauthorized, or illegal activity.
We do not share the personal information that you provide us with other organizations without your express consent, except as described in this Privacy Policy. We disclose personal information to third parties under the following circumstances:
We may also share aggregated and/or anonymized data with others for their own uses.
The Company is headquartered in the United States and has offices outside of the EU and has affiliates and service providers in the United States and in other countries. Your personal information may be transferred to or from the United States or other locations outside of your state, province, country or EU users should read the important information provided below about transfer of personal information outside of the European Economic Area (EEA).
We retain information we collect as long as it is necessary and relevant to fulfill the purposes outlined in this privacy policy. In addition, we retain personal information to comply with applicable law where required, prevent fraud, resolve disputes, troubleshoot problems, assist with any investigation, enforce our Terms of Use, and other actions permitted by law. To determine the appropriate retention period for personal information, we consider the amount, nature, and sensitivity of the personal information, the potential risk of harm from unauthorized use or disclosure of your personal information, the purposes for which we process your personal information and whether we can achieve those purposes through other means, and the applicable legal requirements.
In some circumstances we may anonymize your personal information (so that it can no longer be associated with you) in which case we may use this information indefinitely without further notice to you.
We employ industry standard security measures designed to protect the security of all information submitted through the Services. However, the security of information transmitted through the internet can never be guaranteed. We are not responsible for any interception or interruption of any communications through the internet or for changes to or losses of data. Users of the Services are responsible for maintaining the security of any password, biometrics, user ID or other form of authentication involved in obtaining access to password protected or secure areas of any of our digital services. In order to protect you and your data, we may suspend your use of any of the Services, without notice, pending an investigation, if any breach of security is suspected.
You may access information that you have voluntarily provided through your account on the Services, and to review, correct, or delete it by sending a request to privacy@palm.io. You can request to change contact choices, opt-out of our sharing with others, and update your personal information and preferences.
Regular cookies may generally be disabled or removed by tools available as part of most commercial browsers, and in some instances blocked in the future by selecting certain settings. For more information, please see our Cookies Policy.
You may exercise choices regarding the use of cookies from Google Analytics by going to https://tools.google.com/dlpage/gaoptout and downloading the Google Analytics Opt-out Browser Add-on.
As described above and in our Cookies Policy, we, on our own or working with affiliates or third party service providers, may use cookies and similar technologies to collect and use data for interest-based advertising.
For more information about interest-based advertising on your desktop or mobile browser, and to opt out of this type of advertising by third parties that participate in self-regulatory programs, please visit the Network Advertising Initiative website and/or the Digital Advertising Alliance ("DAA") Self-Regulatory Program for Online Behavioral Advertising website. We use Google advertising services on our Sites, and if you wish to opt-out of personalized ads from Google, you may visit https://adssettings.google.com/. Please note that any opt-out choice you exercise through these programs will apply to interest-based advertising by the third parties you select, but will still allow the collection of data for other purposes, including research, analytics, and internal operations. You may continue to receive advertising, but that advertising may be less relevant to your interests.
Precise location information. To disable the collection of precise location information from your mobile device through our mobile apps, you can access your mobile device settings and choose to limit that collection.
See also our Cookies and Other Technical Information section for more choices about managing other technical and usage information.
CONTACT INFORMATION. We welcome your comments or questions about this Policy, and you may contact us at: privacy@palm.io or via mail at 874 Walker Rd, Suite C, Dover, DE 19904.
CHANGES TO THIS PRIVACY POLICY. We may change this privacy policy at any time. We encourage you to periodically review this page for the latest information on our privacy practices. If we make any changes, we will change the Last Updated date above.
Any modifications to this Privacy Policy will be effective upon our posting of the new terms and/or upon implementation of the changes to the Sites (or as otherwise indicated at the time of posting). In all cases, your continued use of the Sites or Services after the posting of any modified Privacy Policy indicates your acceptance of the terms of the modified Privacy Policy.
If you are under the age of majority in your jurisdiction of residence, you may use the Services only with the consent of or under the supervision of your parent or legal guardian. Consistent with the requirements of the Children's Online Privacy Protection Act (COPPA), if we learn that we have received any information directly from a child under age 13 without first receiving his or her parent's verified consent, we will use that information only to respond directly to that child (or his or her parent or legal guardian) to inform the child that he or she cannot use the Sites and subsequently we will delete that information.
This section provides additional details about the personal information we collect about California consumers and the rights afforded to them under the California Consumer Privacy Act or "CCPA."
For more details about the personal information we collect from you, please see the "What We Collect" section above. We collect this information for the business and commercial purposes described in the "Use of Personal Information" section above. We share this information with the categories of third parties described in the "Sharing of Personal Information" section above. The Company does not sell (as such term is defined in the CCPA) the personal information we collect and has not done so in the past 12 months. Please refer to our Cookies Policy for more information regarding the types of third-party cookies that we use. Subject to certain limitations, the CCPA provides California consumers the right to request to know more details about the categories or specific pieces of personal information we collect (including how we use and disclose this information), to delete their personal information, to opt out of any "sales" that may be occurring, and to not be discriminated against for exercising these rights.
California consumers may make a request pursuant to their rights under the CCPA by contacting us at privacy@palm.io. Please note that you must verify your identity and request to the degree of certainty required by law before further action is taken. As a part of this process, government-issued identification may be required. Consistent with California law, you may designate an authorized agent to make a request on your behalf. Before accepting such a request from an agent, we will require the agent to provide proof you have authorized it to act on your behalf, and we may need you to verify your identity directly with us.
With respect to EU data subjects, "personal information," as used in this Privacy Policy, is equivalent to:
"personal data" as defined in the European Union General Data Protection Regulation (GDPR).
VeraSafe has been appointed as Palm's representative in the European Union for data protection matters, pursuant to Article 27 of the General Data Protection Regulation of the European Union. If you are in the United Kingdom or the European Economic Area, VeraSafe can be contacted in addition to Palm's privacy Contact Information detailed above, only on matters related to the processing of personal data. To make such an inquiry, please contact VeraSafe using this contact form: https://verasafe.com/public-resources/contact-data-protection-representative or via telephone at: +420 228 881 031.
VeraSafe Ireland Ltd.
Unit 3D North Point House
North Point Business Park
New Mallow Road
Cork T23AT2P
Ireland
VeraSafe has been appointed as Palm's representative in the United Kingdom for data protection matters, pursuant to Article 27 of the United Kingdom General Data Protection Regulation. If you are located within the United Kingdom, VeraSafe can be contacted in addition to or instead of Palm's privacy Contact Information as detailed above, only on matters related to the processing of personal data.
To make such an inquiry, please contact VeraSafe using this contact form:
https://verasafe.com/public-resources/contact-data-protection-representative or via telephone at: +44 (20) 4532 2003.
VeraSafe United Kingdom Ltd.
37 Albert Embankment
London SE1 7TL
United Kingdom
Some of the information you provide us may constitute sensitive data as defined in the GDPR (also referred to as special categories of personal data), including identification of your race or ethnicity on government-issued identification documents.
We only use your personal information as permitted by law. We are required to inform you of the legal bases of our processing of your personal information, which are described in the table below. If you have questions about the legal bases under which we process your personal information, contact us at privacy@palm.io.
To provide our service
Our processing of your personal information is necessary to perform the contract governing our provision of the Services or to take steps that you request prior to signing up for the Service.
To communicate with you.
To optimize our platform.
For compliance, fraud prevention, and safety.
To provide our service.
These processing activities constitute our legitimate interests. We make sure we consider and balance any potential impacts on you (both positive and negative) and your rights before we process your personal information for our legitimate interests. We do not use your personal information for activities where our interests are overridden by any adverse impact on you (unless we have your consent or are otherwise required or permitted to by law).
To comply with law.
We use your personal information to comply with applicable laws and our legal obligations, including anti-money laundering (AML) laws and know-your-customer (KYC) requirements.
With your consent.
Where our use of your personal information is based upon your consent, you have the right to withdraw it anytime in the manner indicated in the Service or by contacting us at privacy@palm.io.
We may use your personal information for reasons not described in this Privacy Policy, where we are permitted by law to do so and where the reason is compatible with the purpose for which we collected it. If we need to use your personal information for an unrelated purpose, we will notify you and explain the applicable legal basis for that use. If we have relied upon your consent for a particular use of your personal information, we will seek your consent for any unrelated purpose.
Under the GDPR, you have certain rights regarding your personal information. You may ask us to take the following actions in relation to your personal information that we hold:
You can submit these requests by email to privacy@palm.io or via mail to 874 Walker Rd, Suite C, Dover, DE 19904. We may request specific information from you to help us confirm your identity and process your request. Applicable law may require or permit us to decline your request. If we decline your request, we will tell you why, subject to legal restrictions. If you would like to submit a complaint about our use of your personal information or response to your requests regarding your personal information, you may contact us at privacy@palm.io or submit a complaint to the data protection regulator in your jurisdiction. You can find your data protection regulator here.
Please be aware that your personal data will be transferred to, processed, and stored in the United States. Data protection laws in the U.S. may be different from those in your country of residence. You consent to the transfer of your information, including personal information, to the U.S. as set forth in this Privacy Policy by visiting our Sites or using our service.
Whenever we transfer your personal information out of the EEA to the U.S. or countries not deemed by the European Commission to provide an adequate level of personal information protection, the transfer will be based on a data transfer mechanism recognized by the European Commission as providing adequate protection for personal information.
Please contact us if you want further information on the specific mechanism used by us when transferring your personal information out of the EEA.
You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of the Sites may become inaccessible or not function properly. For more information about the cookies we use, please see our Cookies Policy.
Last Updated: November 2022
Both privacy and confidentiality are relevant aspects for OBILUM. For this reason and according to the European Union General Data Protection Regulation 2016/679 (GDPR), by means of this Policy it is established the way OBILUM processes personal information. This Privacy Policy intends to keep users of OBILUM's website (www.obilum.art) and the platform by means of which OBILUM perform its services (www.marketplace@obilum.art) hereinafter, the " Platform" ) informed about how their personal information is collected and processed by OBILUM.
Please note that this Privacy Policy may change at any time due to any legal change or due to new implementation criteria set out by the Spanish Agency for Personal Data Protection (AEPD) or the competent authority in each case.
The information and details about the owner of this website and controller of the personal information processing are the following:
Controller: OBILUM NFT STUDIO 2022, S.L. (hereinafter "OBILUM" )
Address: Edificio CAIT, Parque Científico y Tecnológico UPM, Campus Montegancedo, floor -1, box 1.2, Pozuelo de Alarcón, Spain
Tax ID # (CIF): B-72547730
Telephone: +34618524983
Email address: support@obilum.art
To manage your queries and requests: to analyse and respond to your queries and comply with your requests made through the application form in the website and to communicate with you in relation to such requests.
To manage your requests for signing-up in OBILUM's Platform: to be able to manage your requests to sign-up to OBILUM's Platform.
To manage your transactions within the Platform: to be able to manage your transactions realised through the Platform by means of which you may acquire artworks' NFTs.
To comply with law: we will use your personal information every time we need it to comply with applicable laws in force at any time, which includes complying with information requests made by public authorities.
We do not process your personal information collected through this website for any other purpose different than those stated in this Private Policy.
We collect personal information in two ways:
The website application form
We specifically collect the following personal information through the website application form: full name, email, username, and password. Such information provides directly from the information provided directly by you.
The Platform sign-up process
We specifically collect the following personal information through the Platform during the sign-up process: full name, date of birth, email address, postal address, national ID or passport #. Such information provides directly from the information provided directly by you.
The personal information collected will be kept during the time necessary for the purposes they were collected and, afterwards, for the time necessary to comply with any potential legal obligation or request according to the laws and regulations in force.
These are the legal bases for the processing of the personal information we carry out:
We do not send any personal information collected through this website or the Platform to any third party except when specifically requested by a public authority or it is an authorized recipient.
OBILUM may transmit your personal information to our service providers who are subject to an obligation of confidentiality and are exclusively allowed to use such information on our behalf under our instructions and for the specific tasks entrusted to them.
OBILUM does not assign your personal information to third parties without collecting your prior and express consent to such assignment.
OBILUM may use services provided by specialized companies, acting as contractors or subcontractors, that may be located outside of the European Union. When that is the case, OBILUM takes the appropriate measures to make sure that such service providers comply with GDPR requirements about the level of protection of personal information. We inform you that, very specifically, OBILUM uses as preferent services supplier the US-based company Palm NFT Studio, Inc. in relation to the management of the Platform.
Under the GDPR you have certain rights regarding your personal information. These are the actions you can ask us to take in relation to the personal information we hold about you:
In case you want to exercise any of these rights you can address to OBILUM sending an email to support@obilum.art indicating the specific right you want to exercise and attaching a copy of your national ID or passport. In addition, you have the right to ask the Spanish Agency of Personal Data Protection to enforce your rights.
Taking into account the nature, scope, context and purposes of processing of the personal information collected through this website or OBILUM' applications, as well as the risks of varying likelihood and severity for the rights and freedoms of natural persons, OBILUM has implemented the appropriate technical and organisational measures to ensure that processing is performed in accordance with GDPR. Those measures are updated every time it is necessary.
OBILUM reserves the right to modify, wholly or partially, this Private Policy without prior notice.