Last Updated: September 15, 2021

This privacy policy (“Privacy Policy”) describes how Graphene Blockchain or the Graphene Foundation (collectively, “Graphene”) may collect, use, disclose and process your Personal Data. This Privacy Policy should be read together with the terms of service (“Terms”). Any capitalized expression used but not otherwise defined in this Privacy Policy shall have the meaning given to such expression in the Terms. For reference, “Personal Data” has the meaning given to it under the General Data Protection Regulation of 2016 (Regulation (EU) 2016/679) (“GDPR”) or the applicable data protection legislation.

1. General Information
   1.1 Privacy is of utmost importance at Graphene. We recognize the significance of protecting information which is stored or is intended to be stored on our computers and which relates to an individual. The data we protect (“Personal Data”) is any information relating to an identified or identifiable natural person, sometimes called a data subject. Protecting privacy and the confidentiality of Personal Data is a fundamental component of the way we do business.

1.2 This Privacy Policy informs you of the ways we ensure your privacy and the confidentiality of Personal Data. We are compliant with applicable privacy laws in the countries in which we operate. This policy describes the information we gather, how we may use Personal Data and the circumstances under which we may disclose such information to third parties.

2. Collection of Personal Data
   2.1 When you access or use the Graphene site, submit information to Graphene or download one of our applications (each, a “Service” and collectively, the “Platform”), you agree to Graphene collecting, using, disclosing, processing and sharing your Personal Data with its affiliates, service providers and relevant third parties in accordance with this Privacy Policy. Under no circumstances do we ever collect an unencrypted private key from you.

2.2 When you access and use the Platform or the Services, you do so anonymously without having to provide any Personal Data. Notwithstanding, Graphene may collect Personal Data when (i) you contact Graphene, or request that Graphene contacts you, for any reason, or (ii) you submit your Personal Data to Graphene for any reason.

2.3 Graphene may use cookies, and other similar technologies to improve your user experience when you access the website. Whilst the use of the aforesaid technologies is not intended to collect any Personal Data, please note that Graphene has no control over the use of any of the aforesaid technology by third parties. You may at all times configure your browser to block, delete, restrict or otherwise control the aforesaid technologies but please note that this may impact your experience with the Platform and the Services.

2.4 Graphene may collect information relating to the general use of the Platform such as errors, log information concerning any errors encountered in the application and other related information relevant to Graphene’s provision of the Services, for the purpose of administration and error analysis to help Graphene improve its Services.

2.5 If you provide Graphene with any Personal Data relating to a third party, by providing such Personal Data to Graphene, you represent and warrant to Graphene that you have obtained the consent of such third party and are authorized by the third party for the relevant purposes.

2.6 You shall ensure that all Personal Data submitted to Graphene is accurate and complete. Please note that failure to do so may result in, amongst others, Graphene being unable to respond to your request.

2.7 You may withdraw your consent at any time after giving reasonable notice by submitting your request to [email protected]. Following the withdrawal of your consent, Graphene shall no longer collect, use or disclose your Personal Data unless consent is again obtained. The withdrawal of your consent may however result in certain consequences. In certain cases, Graphene may not be in the position to continue to provide its Services to you.

3. Purposes for Collection, Use and Disclosure of Personal Data
   Any collection, use and disclosure of your Personal Data by Graphene shall be for the purpose of providing customer or technical support to you only.
4. Limitations
   Graphene shall only collect, use or disclose your Personal Data to the extent necessary for the purposes described under this Privacy Policy and to the extent allowed by local law.
5. Disclosure and Sharing of Your Personal Data
   5.1 Graphene shall take reasonable steps to protect your Personal Data against unauthorized disclosure.

5.2 Graphene may disclose your Personal Data to third parties (e.g. affiliates, service provides or support agents) who are engaged to provide services to Graphene or who help Graphene in the course of its business operations. In the event Graphene so discloses Personal Data, such third parties will only have access to your Personal Data to the extent necessary to perform their functions and Graphene will conduct oversight over such service providers to ensure the secure management of Personal Data.

5.3 Graphene reserves the right to disclose your Personal Data in compliance with applicable laws and regulations.

5.4 Graphene does not sell your Personal Data to any third parties.

5.5 In the event that Graphene is in possession of any Personal Data, Graphene may transfer, store, process or deal with such Personal Data outside Gibraltar. In doing so, Graphene shall continue to comply with applicable data protection legislation.

5.6 Storage of Personal Data provided to Graphene is stored in accordance with applicable laws of the jurisdiction of the data subject at secure locations in the EU. Graphene has ensured that appropriate security standards are in place regarding the safeguarding, confidentiality and security of data. In regard to data subjects resident in the EU, Graphene, where required, registers with appropriate national data protection / information protection authorities. Graphene also ensures that data is held in a manner that meets the requirements of any national law of any member state of the European Union giving effect to the GDPR. The GDPR provides obligations on the protection of individuals with regard to the processing of personal data and on the free movement of such data.

6. Protecting Your Information
   6.1 Graphene shall take reasonable steps to secure and protect your Personal Data (if any) in its possession or control by making reasonable security arrangements to prevent unauthorized access, collection, use, disclosure, modification, disposal or similar risks to Personal Data.

6.2 Notwithstanding, Graphene cannot ensure the security of the information you transmit to Graphene via the Internet or the Platform, and shall not be liable for any Losses arising from any unauthorized collection, use or disclosure of Personal Data whatsoever.

7. Retention
   Graphene shall collect and retain personal data in accordance with this Privacy Policy for as long as it is necessary, required, or relevant for business or legal purposes.
8. Access and Correction
   You may request access or make correction to your Personal Data held with Graphene. Graphene reserves the right to charge a fee for processing your request for access, and such fee shall depend on the nature and complexity of your request.
9. Third Party Sites
   The Platform may contain links to other websites of third parties. This Privacy Policy only applies to this Platform and the third party websites are subject to their own privacy policies. Your access of these websites shall be at your own risk, and Graphene recommends that you review the privacy policies (and such other policies) relating to such third party websites.
10. Changes to the Privacy Policy
    10.1 Graphene may amend this Privacy Policy from time to time for compliance with applicable laws and for consistency with the manner Graphene deals with your Personal Data.

10.2 Any amended Privacy Policy shall be posted on this page, and effective with effect from such date of posting. By continuing to access the Platform or using the Services after such amended Privacy Policy has been posted, you are deemed to have agreed and consented to such revised Privacy Policy.