Privacy Policy

With this Privacy Notice, we, Yumi Ltd (hereinafter "Yumi", "we" or "us"), describe how we collect and process Personal Data in the course of providing our Services (as defined in section 2 below).

The term "Personal Data" as used in this Privacy Notice means any information that identifies, or could reasonably be used to identify, an individual ("Data Subject").

If you provide us with personal information about others, please make sure that they are aware of this Privacy Notice and only provide us with their information if you are authorized to do so and that personal information is accurate.

We collect, process and use your Personal Data in accordance with the BVI Data Protection Act ("DPA") and the EU General Data Protection Regulation ("GDPR").

1. Data controller

The "Controller" of the data processing as described in this Privacy Notice is Yumi, located in British Virgin Islands (BVI company number 2096470). You may communicate any privacy concerns to us using the following contact details: privacy@yumi.io, Ora et Labora Building, Wickhams Cay II, PO Box 4301, Road Town, Tortola, VG1110, British Virgin Islands.

The controller is part of an international group company. "Group Companies" means the companies affiliated with Yumi which have their registered office in Switzerland, China and abroad.

2. Our services and their relationship with data processing

In the following (section. 2.1 et seq.), we describe the services that we provide to our Users as well as visitors of our website yumi.io ("Website") in connection with which we process Personal Data.

The term "User" as used herein means a user of our services, including our Yumi Platform, Website and other services as defined in our Terms of Service[DB1] .

2.1. User Account

Description: You have the option to add personal data such as your cryptocurrency wallet public address or email address to your user account on the Website.

Categories of Personal Data processed: Any Personal Data that you integrate into your User account.

Origin of Personal Data: We receive Personal Data from you.

Legal basis: We process your Personal Data based on our legitimate interests, Art. 6 (1) lit. f GDPR, as well as to fulfill your request to create and maintain a user account, Art. 6 (1) lit. b GDPR.

Purpose of processing: The aforementioned data will be processed by us for the following purposes:

· To improve our offer or individualize our Website;

· To inform you about trading activity related to your account;

· Assertion of legal claims and defense in connection with legal disputes and official proceedings;

· For other administrative purposes.

Recipients of Personal Data: We share your Personal Data with our Group Companies, as well as with selected service providers who we need to operate our website.

In cases where we are required to do so by law or in order to defend or exercise our legal rights, we may also disclose your Personal Data to third parties (for example, lawyers, authorities or courts).

2.2. Artist and project creator application

Description: In order to be able to list and mint your new NFT collection via our services you have to fill out and send us the corresponding artist or project creator form. We will then guide you through the process of creating your NFT collection.

Categories of Personal Data processed: We process your contact details and any Personal Data that you integrate into your application, such as your name or social media profile.

Origin of Personal Data: We receive your Personal Data either from you or from a third party provider.

Legal basis: We process your Personal Data based on our legitimate interests, Art. 6 (1) lit. f GDPR, as well as to consider your application, Art. 6 (1) lit. b GDPR.

Purpose of processing: The aforementioned data will be processed by us for the following purposes:

· To process your respective application;

· To verify you are not a bot in order to avoid spam;

· Assertion of legal claims and defense in connection with legal disputes and official proceedings;

· For other administrative purposes.

Recipients of Personal Data: We share your Personal Data with our Group Companies.

2.3. Newsletter

Description: You can sign up for our newsletter on our website so that we can keep you up to date on current developments and other information of interest to you.

Categories of Personal Data processed: Your contact data, in particular your e-mail.

Origin of Personal Data: We obtain your Personal Data from you.

Legal basis: We process your Personal Data based on your consent, Art. 6 (1) lit. a GDPR.

Purpose of processing: The aforementioned data will be processed by us for the following purposes:

· For sending and administration of our newsletter;

· Assertion of legal claims and defense in connection with legal disputes and official proceedings;

· For other administrative purposes.

Recipients of Personal Data: We share your Personal Data with our Group Companies as well as with selected service providers that we need to operate our website and to operate and administer the newsletter.

2.4. Contact requests via our website

Description: You have the possibility to contact us via our website by sending us an e-mail.

Categories of Personal Data processed: Your e-mail address and any Personal Data that you integrate into your inquiry.

Origin of Personal Data: We receive your Personal Data from you.

Legal basis: We process your Personal Data based on our legitimate interests, Art. 6 (1) lit. f GDPR, as well as to fulfill your request, Art. 6 (1) lit. b GDPR.

Purpose of processing: The aforementioned data will be processed by us for the following purposes:

· To process your respective request;

· To improve our offer or individualize our Website;

· Assertion of legal claims and defense in connection with legal disputes and official proceedings;

· For other administrative purposes.

Recipients of Personal Data: We share your Personal Data with our Group Companies.

3. Cookies and similar technologies

We do not use any cookies or similar technologies on our Website.

4. Automated decision making

We do not use automated decision making in the processing of your Personal Data on the website.

5. Cross-border data transmission

In principle, all Personal Data is stored on the internet computer in storage space, a type of blockchain developed by the Difinity Foundation ("Internet Computer") that is located and accessible world-wide and therefore also from countries that do not provide for an appropriate data protection from a British Virgin Island or European law perspective. We rely on your consent for us to transfer the data into this storage. You have the right to withdraw your consent at any time.

In some cases, especially our service providers or group companies, these providers or entities may be based outside the EU/EEA, so that the applicable laws require a different national level of data protection than that provided for in the BVI or within the EU and EEA. When transferring data to such countries, we try to ensure (e.g. by using appropriate contractual safeguards) that the recipients concerned guarantee an appropriate level of data protection comparable to that in the EU/EEA. A copy of the respective appropriate and adequate guarantees is available upon request.

6. Duration of data processing

Your Personal Data will be stored by us and/or our service providers exclusively to the extent necessary to fulfill our obligations. The Personal Data will be stored exclusively for the period necessary to achieve the purposes for which the Personal Data were collected. This is done in each case in accordance with applicable data protection law. When we no longer need your Personal Data, we delete it and/or take the necessary measures to properly anonymize it. This does not apply insofar as we are obliged to retain the data for a longer period of time, in particular in order to comply with statutory retention obligations. For example, Personal Data contained in contracts, communications and business letters may be subject to legal retention obligations that may require retention for up to 10 years. Otherwise, we generally delete other Personal Data 5 years after the end of the respective contractual relationship between you and us.

7. Rights of the data subjects

In accordance with and to the extent provided by applicable law (as in cases where the GDPR applies), you have the right to access, rectify and erase your Personal Data, the right to restrict processing or the right to object to our data processing; in addition, you may have the right to obtain certain Personal Data for transfer to another controller (data portability). If the processing of your data is based on consent, you also have the right to withdraw this consent. Please note, however, that we reserve the right to assert legal restrictions on our part. In addition, every data subject has the right to assert his or her rights in court or to file a complaint with the competent data protection authority in accordance with the applicable laws.

8. Data security

We have implemented appropriate technical and organizational security measures to protect your Personal Data from unauthorized access and misuse while they are with us, e.g. access controls and restrictions.

9. Changes to this Privacy Notice

We may change this Privacy Notice at any time and without prior notice. The current version published on our Website applies.

Last updated 1 year ago