Privacy Policy

Privacy Policy

Effective Date: 1 December 2023

Welcome to Yala Labs. Please take a few minutes to read this Privacy Policy carefully.

1. INTRODUCTION

We respect your privacy and are committed to protecting your personal data.Please note that our Services are not intended for minors below the age of 18 years and we do not knowingly collect data relating to minors.

This Privacy Policy sets out how Yala Labs ("we," "our," or "us") collects, uses, and shares information in connection with our Services as well as your rights and choices regarding such information.

By using the Services, you hereby agree to the collection, use, and sharing of your information as described in this Privacy Policy. If you do not agree with the terms set out hereunder, please refrain from utilizing our Services and/or interacting with our website (https://yala.org/) (“Website”).

It is important that you read this Privacy Policy together with any other Policy or policy we may provide on specific occasions when we are collecting or processing personal data about you so that you are fully aware of why and how we are using your data. This Privacy Policy supplements other policies and is not intended to override them.

2. WHAT INFORMATION WE COLLECT

Personal data, or personal information means any information that relates to an identified or identifiable living individual. This is a broad definition which is not restricted solely to personal identification data (e.g. your name, address, date of birth, etc.).

A “data subject” is an individual who can be identified, directly or indirectly, by personal data. This is usually by reference to an identifier such as a name, identification number, location data, an online identifier or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that natural person.

Different pieces of information, which collected together can lead to the identification of a particular person, also constitutes personal data.

Information Collected Automatically

Yala Labs operates and provides its Services in a decentralized and permissionless manner, based on underlying smart contracts written into the underlying blockchain on which our Services are provided.

Accordingly, when electing to utilize our Services, the following information may be collected from you automatically:-

(a) Wallet Information: We may collect details relating to the wallet which you use for the purposes of interacting with/utilizing our Services (i.e. Wallet Address). This information allows us to: (i) monitor your access to the Services so as to ensure that you are not utilizing the same in any manner which may contravene our Webstie terms and conditions or any applicable laws; (ii) take necessary action (e.g. restricting or blocking your access to the Services) for the purposes as aforesaid; and (iii) to improve the interface and user experience of our Services.

(b) Device Information: We may collect information about the device you use to access the Services (e.g. device type, operating system, browser type, and screen height and width). This information allows us to optimize the user interface according to the specifications of different devices and to troubleshoot any potential technical issues that may be associated with varying devices.

(c) User Behavior Information: We may collect information about how you use our Services, including, the time you spend utilizing our Services, your preferred features and assets, your interaction with links embedded on our Website, and your search queries on our Website. By analyzing this data, we gain a deeper understanding of our users behavior, thereby allowing us to make continuous improvements to our Website and Services and to enhance the overall user experience.

Information You Provide

In addition to the above mentioned, we may collect the following information about you when you use the Services:

(a) Correspondence and Content: When you submit any messages to us (such as feedback and questions to information support), we may collect your name and contact information, as well as any other content included in the message. This allows us to contact you so as to address your queries and where applicable, act on your feedback so as to improve our Services.

(b) Miscellaneous: You may choose to voluntarily provide and other information to us that we have not solicited from you at your own discretion. In this instance, you are solely responsible for such information.

3. HOW WE USE THE INFORMATION COLLECTED

We will only use the information collected as set out in this Privacy Policy when the applicable legislation allows us to or as otherwise set out hereto.

Most commonly, we will use the information collected in the following circumstances:

(a) Provision of Services: To make the Services available to you and perform the necessary actions such as responding to your comments, questions, and requests, and providing information support; sending you technical notices, updates, security alerts, information regarding changes to our policies, and support, administrative messages; detecting, preventing, and addressing fraud, breach of Terms, and threats, or harm; and compliance with legal and regulatory requirements.

(b) Improving the Services: To continually improve the Services.

(c) Legitimate interests: To further our legitimate interests (or those of a third party), where we make sure we use this basis as far as your interests and individual rights do not override those interests.

(d) Consent: With your consent, which means freely given, specific, informed and unambiguous indication of your wishes by which you, by a statement or by a clear affirmative action, signify agreement to the processing of personal data relating to you; under specific circumstances this consent should be explicit – if this is the case, we will ask for it properly.

(e) Compliance with Laws: As we believe necessary or appropriate to operate and maintain the security or integrity of our Services and Website, including to prevent or stop an attack on our computer systems or networks, investigate possible wrongdoing in connection with the Interface, enforce the terms and conditions pertaining to our Website and Services, and comply with applicable laws, lawful requests, and legal process, such as responding to subpoenas or requests from government authorities.

(f) Facilitating Requests: To comply with your requests or directions.

(g) Sale or Transfer of Business: We may also need to process your data in connection with or during the negotiation of any merger, financing, acquisition, bankruptcy, dissolution, transaction or proceeding involving all or a part of our shares, business or assets. This will be based on our legitimate interests in carrying out such transaction, or to meet our legal obligations.

Notwithstanding the above, we may use information that does not identify you (including information that has been aggregated or de-identified) for any purpose except as prohibited by applicable law.

4. DISCLOSURE OF INFORMATION

We may share or disclose information that we collect in accordance with the practices described in this section and for the purposes set out in the preceding section.

The categories of parties with whom we may share information include:

(a) Affiliates: We share information with our affiliates and related entities, including where they act as our service providers or for their own internal purposes.

(b) Professional Advisors: We share information with our professional advisors for purposes of audits and compliance with our legal obligations.

(c) Service Providers: We share information with third-party service providers for business purposes, including fraud detection and prevention, security threat detection, data analytics, information technology and storage, and blockchain transaction monitoring. All service providers that we engage with are restricted to only utilizing the information on our behalf and in accordance with our instructions.

Notwithstanding the above, we may share information that does not identify you (including information that has been aggregated or de-identified) except as prohibited by applicable law.

5. THIRD PARTY SERVICES

For the purposes of the Services, we may from time to time, work with third party services providers and/or integrate technologies operated or controlled by such third parties.

Please note that when you interact with third parties, including when you leave our Website via third party links embedded thereto, such third parties may independently collect information about you and solicit information from you.

The information collected and stored by the aforementioned third parties remains subject to their own policies and practices, including what information they share with us, your rights and choices on their services and devices, and the jurisdiction in which they store such information.

Prior to accessing third party links or interacting with third parties through our Website and/or Services, please familiarize yourself with the respective privacy policies and terms of use of such third parties (e.g. by using a third party wallet to engage in transactions on public blockchains, your interactions with any third party wallet provider are governed by the applicable terms of service and privacy policy of that wallet provider).

6. COOKIES

You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of the Services or Website may become inaccessible or not function properly. For more information about the cookies we use, please review the Cookie Preferences.

Please note, a cookie is a small text file that is placed on your hard drive by a web page server. Cookies contain information that can later be read by a web server in the domain that issued the cookie to you. Some of the cookies will only be used if you use certain features or select certain preferences, and some cookies will always be used. You can find out more about each cookie by viewing our current cookie list below. We update this list periodically, so there may be additional cookies that are not yet listed.

How we use Cookies

We use cookies and other similar identifiers only to compile aggregate data about traffic and Website interaction to offer better user experiences and tools in the future.

Types of cookies we use

(a) Strictly Necessary Cookies: These cookies are essential for the Interface to function properly and enable basic features such as page navigation and access to secure areas of the Website. For the avoidance of doubt, cookies do not involve the collection of personal information.

(b) Analytical/Performance Cookies: These cookies allow us to analyze how you use the Website and Services, which helps us improve its functionality and performance.

(c) Functional Cookies: These cookies enable enhanced functionality and personalization of the website. They may remember your preferences, such as the wallet you previously used to connect.

7. DATA SECURITY

While there is an inherent risk in any data being shared over the internet, we have put in place appropriate security measures to prevent your personal data from being accidentally lost, used, damaged, or accessed in an unauthorized or unlawful way, altered, or disclosed.

Depending on the nature of the risks presented by the proposed processing of your personal data, we will have in place the following appropriate security measures:

(a) Technical measures (including but not limited to physical protection of data, pseudonymization and encryption); and

(b) Securing ongoing availability, integrity, and accessibility (including but not limited to ensuring appropriate back-ups of data are held).

We have put in place procedures to deal with any suspected personal data breach and will notify you and any relevant regulator of a breach where we are legally required to do so.

8. DATA RETENTION

To determine the appropriate retention period of your data, we consider the amount, nature and sensitivity of the data, the potential risk of harm from unauthorized use or disclosure of your personal data, the purposes for which we process your personal data and whether we can achieve those purposes through other means, and the applicable legal, regulatory, tax, accounting or other requirements.

Here are some exemplary factors which we usually consider when determining how long we need to retain your personal data:

(a) in the event of a complaint;

(b) if we reasonably believe there is a prospect of litigation in respect to our relationship with you or if we consider that we need to keep information to defend possible future legal claims (e.g. email addresses and content, chats, letters will be kept up to 10 years following the end of our relationship, depending on the limitation period applicable in your country);

(c) to comply with any applicable legal and/or regulatory requirements with respect to certain types of personal data;

(d) in accordance with relevant industry standards or guidelines;

(e) in accordance with our legitimate business need to prevent abuse of the promotions that we launch. We will retain a customer’s personal data for the time of the promotion and for a certain period after its end to prevent the appearance of abusive behavior.

9. DATA SUBJECTS IN THE EUROPEAN ECONOMIC AREA (EEA) AND THE UNITED KINGDOM

Data Controller

The General Data Protection Regulations in the European Economic Area and General Data Protection Regulations in the United Kingdom (collectively, "GDPR") distinguish between organizations that process personal data for their own purposes ("Controller") and organizations that process personal data on behalf of other organizations ("Processor").

For the purposes of the GDPR and this Privacy Policy, we collect data from you as a Controller. The Controller of your data is the entity that determines the “means” and the “purposes” of any processing activities that it carries out.

Lawful Basis

The GDPR requires a "lawful basis" for processing personal data. In other words, we have to ensure that we have a lawful basis for such use. Most commonly, we will use your personal data in the following circumstances:

(a) Consent: You have given consent to the processing of your personal data for one or more specific purposes, either to us or to our service providers or partners;

(b) Performance of Contract: means processing your data where it is necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract; we use this basis for provision of our Services;

(c) Legitimate Interests: means our interests (or those of a third party), where we make sure we use this basis as far as your interests and individual rights do not override those interests. Where applicable, we will transfer your personal data to third parties subject to appropriate or suitable safeguards, such as standard contractual clauses.;

(d) Compliance with a legal obligation: Processing your personal data is necessary for compliance with a legal obligation.

Purposes for which we use your personal data

We have set out below, in a table format, a description of all the ways we plan to use your personal data, and which of the legal bases we rely on to do so. We have also identified what our legitimate interests are where appropriate. Note that we may process your personal data for more than one lawful ground depending on the specific purpose for which we are using your data.

We will only use your personal data for the purposes for which we collected it, unless we reasonably consider that we need to use it for another reason and that reason is compatible with the original purpose.

Your Rights

If you are a user in the European Economic Area or the United Kingdom, you have certain rights under the GDPR. These rights include the right to:

(a) request access and obtain a copy of your personal data;

(b) request rectification or erasure of your personal data;

(c) object to or restrict the processing of your personal data;

(d) request portability of your personal data.

Additionally, if we have collected and processed your personal data with your consent, you have the right to withdraw your consent at any time.

Notwithstanding the foregoing, we cannot edit or delete information that is stored on a particular blockchain. This information may include transaction data (i.e., purchases, sales, and transfers) related to your blockchain wallet address and any items held therein.

To exercise any of these rights, please contact us via our email support@yala.org. We will respond to your request within thirty (30) days.

We may require specific information from you to help us confirm your identity and process your request. Please note that we retain information as necessary to fulfill the purpose for which it was collected and may continue to retain and use information even after a data subject request in accordance with our legitimate interests, including as necessary to comply with our legal obligations, resolve disputes, prevent fraud, and enforce our agreements.

You also reserve the right to lodge a complaint with the data protection regulator in your jurisdiction.

10. CHANGES TO THIS PRIVACY POLICY

We reserve the right to amend and reissue this Privacy Policy from time to time at our sole and absolute discretion. We will endeavor to notify you as soon as reasonably possible regarding any amendments to this Privacy Policy or post a notification regarding the same on our Website. In this regard, you shall ensure that you take reasonable steps to keep yourself updated on the relevant changes to this Privacy Policy by checking our Website. Any changes made to this Privacy Policy will be effective immediately upon our posting of the revised Privacy Policy. Accordingly and for the avoidance of doubt, your continued use of the Services shall be indicative of your consent to the revised Privacy Policy then posted and prevailing.

11. CONTACT US

If you have any questions or comments about this Privacy Policy, our data practices, or our compliance with applicable law, please contact us by email: support@yala.org.

Last updated