1. SCOPE OF THIS POLICY
1.1. The following privacy policy (hereinafter: Privacy Policy) applies to all cases where Sidekik OÜ (hereinafter: Sidekik) processes personal data of natural persons (hereinafter: Data Subject) as a controller when operating and managing its website https://www.nftport.xyz/ (hereinafter: Website).
1.2. The Website operated by Sidekik allows the registered user (hereinafter: User) to use the Multi-Chain NFT Data service, Minting service and Enhanced API’s service (hereinafter together: Service).
1.3. Generally, Sidekik is not the data controller where Sidekik processes the personal data of the representatives of the User who is a legal person (or natural persons otherwise connected to the User who is a legal person). As such, for such processing this Privacy Policy does not apply.
1.4. Sidekik is committed to protecting and respecting the Data Subjects’ privacy. Please read this Privacy Policy carefully to understand Sidekik’s rules and practices regarding processing personal data.
1.5. This Privacy Policy applies from the date as set above. Sidekik has the right to unilaterally make amendments to the Privacy Policy. In such case the amended Privacy Policy shall be uploaded to the Website and/or will be sent to the Data Subject by e-mail.
2. DATA CONTROLLER
2.1. For the purpose of clarity, the data controller for the purposes of this Privacy Policy is Sidekik OÜ, registry code 14509434, registry address Estonia, Pikk tn 33-5 Tallinn, Harjumaa, 10133. Sidekik can be contacted any time by writing an e-mail at info@nftport.xyz.
3. WHY AND WHAT CATEGORIES OF PERSONAL DATA IS PROCESSED
3.1. Sidekik collects and processes personal data for the following purposes:
a) providing services (hereinafter: Services) to the User via the Website, which includes communicating with the User, providing the User customer support;
b) communicating with a potential User in relation to providing the Services in the future if the potential User has so requested;
c) sending news, special offers, promotions, marketing and general information about the Services to the User;
d) improving the Website and the Services;
e) enforcing and defending Sidekik’s legal rights;
f) complying with legal or regulatory obligations or requests which Sidekik is subject to.
3.2. Sidekik may collect and process the following personal data:
a) for provision of the Services (purpose stated in clause 3.1.a):
i. the User’s name, e-mail address, payment information (credit card number, billing address etc.), connection to an organization or project, information on the organization or project;
ii. data about the User’s NFT application and the User’s NFT;
iii. data about the User’s activity on the Website;
iv. technical usage data (e.g., unique device identifiers, browser type and version, device type and operating system);
v. any information the User may voluntarily provide as regards to the Services (e.g., via User support);
b) for communicating with the potential Users (purpose stated in clause 3.1.b): any data the Data Subject makes voluntarily available, usually being first and last name, e-mail address, Data Subject’s employer and position with that employer, telephone number, aspects of Data Subject’s project, and any other inquiry details;
c) for sending news, special offers, marketing and general information about the Services (purpose stated in clause 3.1.c): the User’s name, e-mail address, Website usage history and preferences;
d) for improving the Website and the Services (purpose stated in clause 3.1.e): any of the categories of personal data listed above and Data Subject’s IP address, Website usage history, type of device the Data Subject is using and information on Data Subject’s browser, depending on the exact development works done for the Services and/or the Website. Usually, the personal data is pseudonymised for development works;
e) for enforcing and defending Sidekik’s legal rights (purpose stated in clause 3.1.f): any of the categories of personal data listed above, determined case-by-case according to the legal right Sidekik is entitled to execute;
f) for complying with legal or regulatory obligations or requests (purpose stated in clause 3.1.g): any of the categories of personal data listed above, determined case-by-case according to the obligation or request Sidekik is subject to.
3.3. If the entry of any other personal data has been made mandatory upon account registration (e.g., entering e-mail) or after registration when using the functions of the Website, then the submission of the respective personal data is required for concluding the agreement between Sidekik and the User or for performing the respective agreement. As such, in these cases the submission of personal data is mandatory and if it is not submitted, it is impossible either to enter into this agreement or perform this agreement. If the entry of personal data has not been made mandatory on the Website and the submission of personal data is not required from the Data Subject in any other way, the submission of personal data is voluntary and non-submission does not have any direct adverse consequences for the Data Subject. However, failure to provide personal data may limit the use of the Website functions.
3.4. Generally, the Data Subject’s personal data is collected from the Data Subject himself/herself (e.g., Data Subject himself/herself gives his/her name, e-mail address, etc. to Sidekik).
4. LEGAL BASIS FOR PROCESSING PERSONAL DATA
4.1. Sidekik processes personal data because it is necessary for the fulfilment of a contract concluded between Sidekik and the User for provision of the Services (clause 3.1.a)); or for taking steps at the User’s request prior to entering into a contract (clause 3.1.b)). In such a case the legal basis for processing data is the contract concluded between Sidekik and the User; or the User’s request prior to entering into a contract.
4.2. Where Sidekik processes personal data for sending news, special offers, promotions, marketing information and general information about the Services (clause 3.1.c)), the legal basis is Sidekik’s legitimate interest to keep the User in loop of any information, advancements or offers available regarding the Services. The User has always the possibility to opt-out from receiving such data (e.g., by contacting Sidekik by e-mail). If the User opts-out, Sidekik shall no longer send such information.
4.3. If Sidekik processes personal data to improve the Website and the Services (clause 3.1.e)), the legal basis for processing personal data is Sidekik’s legitimate interest to improve and develop functioning of the Website, provision of the Services and its quality. Sidekik cannot provide the best and most modern Website and Services without doing any development works.
4.4. Sidekik processes personal data also for enforcing and defending Sidekik’s legal rights under the legitimate interest pursued by Sidekik (clause 3.1.f)). It is Sidekik’s legitimate interest to enforce and defend its legal rights if Sidekik sees it as necessary.
4.5. Where Sidekik processes personal data for complying with legal or regulatory obligations or requests, the legal basis is the necessity to comply with the legal obligations to which Sidekik is subject to (clause 3.1.g)).
5. DISCLOSING PERSONAL DATA
5.1. Sidekik shall not transfer the Data Subject’s personal data to third parties except for the following cases:
a) to companies which provide cloud computing services in which Sidekik stores and processes personal data (e.g., Google Cloud or AWS);
b) to companies which provide marketing and sales automation services (e.g., Salesforce, Twilio, Mailchimp)
c) to companies which provide documentation management and collaboration services (e.g., Notion, Airtable)
d) to companies which provide analytics services (e.g., Mixpanel)
e) to companies which provide payment processing (e.g., Stripe)
f) to companies which provide software development and engineering services;
5.2. All authorized third-party processors to whom Sidekik transmits personal data shall ensure the protection of personal data as required by the legislation regulating the protection of personal data. Where data is sent outside of the European Economic Area, Standard Contractual Clauses adopted by the European Commission are applied to safeguard the data processing.
5.3. Furthermore, Sidekik shall send personal data to a relevant institution requiring personal data, if Sidekik is under a duty to disclose or share such personal data in order to comply with any legal or regulatory obligation or request deriving from the law.
6. HOW LONG IS PERSONAL DATA PROCESSED
6.1. Sidekik only processes and stores the personal data for as long as it is necessary to fulfil the purpose for which it is processed – once the purpose has ceased, the personal data will be erased or anonymised.
6.2. The personal data will be processed:
a) up to 30 days after the deletion of the User’s account, where Sidekik processes personal data in relation to providing the Services (clause 3.1.a));
b) up to 30 days after the last contact with the potential User, where Sidekik processes personal data in relation to providing the Services in the future (clause 3.1.b));
c) up to 30 days after the deletion of the User’s account or until opt-out (whichever happens earlier), where Sidekik processes personal data regarding sending news, special offers and general information about the Services to the User (clause 3.1.c));
d) up to 30 days after the deletion of the User’s account, where Sidekik processes personal data regarding improving the Website and the Services (clause 3.1.d));
e) up to 3 years after the deletion of the User’s account, where Sidekik processes personal data regarding enforcing and defending Sidekik’s legal rights (clause 3.1.f));
f) up to 3 years after the deletion of the User’s account, where Sidekik processes personal data regarding complying with legal or regulatory obligations or requests (see clause 3.1.g)).
6.3. Personal data contained in any accounting documents shall be stored for 7 years from the end of the last financial year they relate to.
7. DATA SUBJECT’S RIGHTS
7.1. The Data Subject has the right to contact Sidekik by writing an e-mail at info@nftport.xyz to exercise the Data Subject’s rights concerning processing of personal data. Such rights include the:
a) right to request access of personal data;
b) right to request rectification of personal data;
c) right to request erasure of personal data;
d) right to request restriction of processing of personal data;
e) right to object to processing of personal data;
f) right to request portability of personal data;
g) right that decisions are not taken concerning the Data Subject which are based on automated decision-making, if applicable;
h) right to withdraw a consent;
i) right to lodge a complaint with a supervisory authority (Estonian Data Protection Inspectorate - https://www.aki.ee/en).
7.2. Where Sidekik processes personal data based on its legitimate interest, the Data Subject has a right to request information from Sidekik about the applicability of the legitimate interest, including the explanation about the balancing of interests between the Data Subject and Sidekik.
8. THIRD PARTY SITES
8.1. The Website may, from time to time, contain links to and from the websites of Sidekik’s partner networks, advertisers and affiliates. If the Data Subject follows a link to any of these websites, it must be considered that these websites and any services that may be accessible through them have their own privacy policies and that Sidekik does not accept any responsibility or liability for these policies or for any personal data that may be collected through these websites or services. Sidekik recommends checking these policies before submitting any personal data to these websites or using any of these services.