Pirate Nation Foundation logo

PIRATE NATION FOUNDATION PRIVACY POLICY

Last Updated: 26 April 2024

This Privacy Policy describes how the Pirate Nation Foundation (the “Foundation”) collects, uses and shares personal information in connection with its websites and services (collectively, the “Services”).

For the purposes of this Policy, "we", "us" or "our" means the Foundation, a Cayman Islands foundation company, and our personnel, affiliates and related companies. "You” and “your” refers to you as the user of the Services. Capitalized terms have the meanings provided in the Definitions section of this Policy, elsewhere in this Policy, or in the Terms of Use. Please read the Terms of Use alongside this Privacy Policy.

Please read this Policy carefully. By using, accessing, connecting to, or downloading any of the Services, you agree and consent to the collection, use, protection, and disclosure of your information as described in this Policy. If you do not agree to this Policy, please do not use, access, connect to, or download any of the Services.

  1. INTRODUCTION

    1. This Privacy Policy describes the Foundation’s collection and use of Personal Data; the circumstances under which the Foundation may share Personal Data; certain principles, rights, protections, and obligations with respect to Data Subjects; and the Foundation's safeguards to protect Personal Data.
    2. This Privacy Policy takes into account the requirements of the Cayman Islands Data Protection Act 2021 ("DPA") and general Privacy Principles. In addition, individuals located in the European Union ("EU) and the United Kingdom ("UK") may also have rights under the EU General Data Protection Regulation 2016/679 and the UK General Data Protection Regulation (collectively the "GDPR"). Appendix 1 outlines the details of these additional rights.
  2. DEFINITIONS

    1. Controller” means a natural or legal person, public authority, agency, or other body that, independently or jointly with others, determines the purpose and means of Processing Personal Data, as defined in Data Protection Laws. Controller shall refer to the Foundation, and with regard to certain Processes, the Foundation may act as joint Controller with a third-party.
    2. Data Protection Laws” refer to applicable privacy legislation, regulations, or codes issued by data protection regulators.
    3. Data Subject” means a natural person who can be identified, directly or indirectly, by reference to their Personal Data.
    4. "Personal Data" as used in this Privacy Policy means information or an opinion, whether true or not, and whether recorded in a material form or not, about an identified individual or an individual who is reasonably identifiable, and includes anything defined as personal information, personal data under the GDPR, personally identifiable information or similar terms under applicable law.
    5. Processing,” (or to “Process”) means obtaining, recording or holding Personal Data, or carrying out any operation or set of operations on Personal Data, including – organising, adapting or altering the personal data; retrieving, consulting or using the Personal Data; disclosing the Personal Data by transmission, dissemination or otherwise making it available; or aligning, combining, blocking, erasing or destroying the Personal Data.
    6. Processor” means a natural or legal person that Processes Personal Data on behalf of a Controller, including any third-party service providers, applications, or agencies, but, for the avoidance of doubt, does not include an employee of the Controller. A Processors’ activities are limited to the more “technical” aspects of a Process and do not include the exercise of professional judgment or significant decision-making in relation to Personal Data.
  3. DATA PROTECTION PRINCIPLES

    1. We are committed to processing data in accordance with its responsibilities under the Data Protection Laws, and in particular with the following principles:
      1. fair, lawful and transparent processing;
      2. collection for a specified, explicit and legitimate purposes and no further processing in a manner that is incompatible with the specified purposes;
      3. limitation to what is adequate, relevant and necessary in relation to the purposes for which the Personal Data are processed;
      4. keep Personal Data accurate and up to date;
      5. keep Personal Data only for as long as is necessary or legally required;
      6. process Personal Data in a manner that ensures appropriate security, including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures;
      7. process Personal Data in accordance with the rights of the Data Subject; and
      8. ensure an adequate level of data protection when transferring Personal Data.
  4. HOW WE COLLECT AND PROCESS PERSONAL DATA

    1. We may collect and process Personal Data in a variety of ways when you access, use, connect to, or interact with the Services, including:
      1. when you voluntarily provide information to us on our website, or through our Services, or participate in any of our functions, events or activities online or in person;
      2. when you indirectly provide information to us while interacting with our Services, such as in online enquiries or
      3. when a third party service provider or data process collections Personal Information from you on our behalf, such as details of your sue of our website from cookie providers and marketing providers.
      4. when information is available from publicly available sources, such as information from social media accounts and providers, as may be relevant to your interactions with us.
  5. PERSONAL DATA

    1. The types of Personal Data we collect about you may include:
      • Information you provide to us, such as:
        1. Contact details and registration information, such as email address, username, and public contact information you provide;
        2. Payment and transaction information, such as your account information, ETH wallet information, payment information, and information regarding transaction amounts and history. Please note that to effect cryptocurrency transactions, we work with, among others, the third-party electronic wallet extension, MetaMask;
        3. Communications that we exchange with you, including when you contact us with questions, feedback, or otherwise;
        4. Marketing data, such as your preferences for receiving our marketing communications, and details about your engagement with them;
        5. User generated content that you choose to post on the Services. Such content may be viewable publicly, and by other users of the Services;
        6. Other data not specifically listed here, which we will use as described in this Privacy Policy or as otherwise disclosed at the time of collection.
      • Information from third party sources, such as:
        1. When you link, connect, or login to the Services with a third party service, such as Twitter or Discord, you direct these services to send us information associated with your account, as controlled by them or as authorized by you via your privacy settings on their services.
        2. information on social media platforms, such as Twitter, Medium, Discord, and YouTube. When you visit or interact with our pages on those platforms, the platform provider’s privacy policy will apply to your interactions and their collection, use and processing of your personal information. You or the platforms may provide us with information through the platform, and we will treat such information in accordance with this Privacy Policy.
        3. personal information obtained from other third parties, such as publicly-available sources and data providers.
      • Information we obtain automatically, such as:
        1. Device data, such as your computer’s or mobile device’s operating system type and version, manufacturer and model, browser type, screen resolution, RAM and disk size, CPU usage, device type (e.g., phone, tablet), IP address, unique identifiers (including identifiers used for advertising purposes), language settings, mobile device carrier, radio/network information (e.g., WiFi, LTE, 3G), and general location information such as city, state or geographic area.
        2. Online activity data, i.e. pages or screens you viewed, how long you spent on a page or screen, the website you visited before browsing to the Services, navigation paths between pages or screens, information about your activity on a page or screen, access times, and duration of access, and whether you have opened our marketing emails or clicked links within them.
    2. ‍We may collect these types of personal information directly from you or from third parties. We may aggregate Personal Data for reporting, statistical and analysis purposes, and for business, product and service improvement purposes. This allows us to better inform ourselves and anticipate our users' preferences and requirements, and to monitor and improve the effectiveness of our business, products and services. We may also de-identify information for inclusion in such aggregated databases or reports.
  6. COLLECTION AND USE OF PERSONAL DATA

    1. We may collect, hold, use and disclose personal information for the following purposes:
      1. to provide, operate, maintain, secure and improve our Services;
      2. to provide information about our Services;
      3. to enable you to perform transactions on the Services;
      4. to communicate with you about our Services, including by sending you announcements, updates, security alerts, and support and administrative messages;
      5. to understand your needs and interests, and personalize your experience with our Services and our communications;
      6. to respond to your requests, questions and feedback;
      7. where you are playing games connected to our Services, to enable you to communicate with other Services users;
      8. to compare information for accuracy and verification purposes, including verifying your identity based on information you have provided to us (where relevant);
      9. for analytics, market research and business development, including to operate and improve our Services, associated applications and associated social media platforms;
      10. for advertising and marketing, including to send you promotional information about our products and services and information about third parties and their products and services related to Pirate Nation that we consider may be of interest to you;
      11. for internal record keeping, administrative purposes, invoicing and billing purposes;
      12. to carry out appropriate administration in relation to our investors and to communicate with regulators;
      13. to investigate, review, mitigate risks associated with, and inform you or appropriate authorities of, any data or other security breach involving your personal information;
      14. to comply with our legal obligations and resolve any disputes that we may have;
      15. to identify, prevent and respond to fraud and abuse, and otherwise protect our users, our property and our rights;
      16. if otherwise notified to you at the time of collection, or in accordance with any agreement you enter into with us.
  7. LEGAL BASIS FOR PROCESSING PERSONAL DATA

    1. We consider it necessary to collect and use your Personal Data for the purposes described, and we do so on the following legal bases:
      1. Consent: You as a Data Subject have agreed and consented to the Processing of your Personal Data for specified purposes.
      2. Contractual Necessity: Processing is necessary for the performance of a contract to which you as a Data Subject is party or for the Foundation or its service providers to responsibly enter into a contract.
      3. Compliance with Legal Obligations: Processing is necessary for compliance with applicable laws, lawful requests, and legal process, such as to respond to subpoenas or requests from government authorities.
      4. Vital Interests: Processing is necessary in order to protect the vital interests or rights (such as rights to property, safety and privacy) of you as a Data Subject or of another natural person.
      5. Public or Legitimate Interests: Processing is necessary for the performance of a task carried out in the public interest or is necessary for legitimate interests pursued by the Foundation or a third party, except where such interests are outweighed by your countervailing interests or fundamental rights and freedoms as a Data Subject and require protection of your Personal Data from Processing. Without limitation, our legitimate interests may include auditing our internal processes for compliance with legal and contractual requirements and internal policies; enforce the terms and conditions that govern the Services; and preventing, identifying, investigating and deterring fraudulent, harmful, unauthorized, unethical or illegal activity, including cyberattacks and identity theft.
    2. The Processing of Personal Data may be permissible under multiple of the above categories.
  8. CHILDRENS’ PRIVACY AND DATA PROTECTION

  9. THE SERVICES ARE NOT INTENDED FOR USE BY CHILDREN UNDER 18 YEARS OF AGE. IF WE LEARN THAT WE HAVE COLLECTED PERSONAL INFORMATION THROUGH OUR SERVICES FROM A CHILD UNDER 18 WITHOUT THE CONSENT OF THE CHILD’S PARENT OR GUARDIAN AS REQUIRED BY LAW, WE WILL DELETE IT.

  10. YOUR RIGHTS AS A DATA SUBJECT

    1. By notice in writing to the Controller, you may be entitled to receive, in an intelligible form, the Personal Data we hold about you; the legal basis for collecting that Personal Data; and any information available to us as to the source of that Personal Data, provided that the Personal Data can be disclosed without disclosing Personal Data of another Data Subject. We may require further information from you in order to be satisfied as to your identity, or in order to locate the information sought, and we are not obliged to provide you with Personal Data unless you satisfy our requirements. We will endeavour to respond to a request for Personal Data within 30 days.
    2. By notice in writing to the Controller, you may be entitled to require us to cease processing, or not to begin processing, or to cease processing for a specified or purpose, or in a specified manner, your Personal Data. We shall comply with your request unless the Processing is necessary for the performance of a contract to which you are a party; the processing is necessary for compliance with any obligation to which you are subject; the processing is necessary in order to protect your vital interests; or the processing is necessary in such other circumstance as may be prescribed by regulations.
    3. By notice in writing to the Controller, you may be entitled to correct any error or omission in your Personal Data in the possession of or under the control of the Foundation. As far as is practicable, we shall comply with your request, inform you of the correction and inform third parties to whom the data has been disclosed. We will make a reasonable effort to verify that your Personal Data Processed by or on behalf of the Foundation is accurate and complete. Personal Data is generally obtained directly from you as the Data Subject.
    4. In the case of a known data breach involving any loss, misuse, or alteration of your Personal Data that is likely to result in a material risk to your rights and freedoms, and unless Data Protection Laws require otherwise, the Foundation will use reasonable endeavours to notify you and applicable supervisory or data protection authorities within five days barring exigent circumstances.
    5. Further rights may apply to you under Data Protection Laws applicable in your jurisdiction.
  11. DISCLOSURE OF PERSONAL INFORMATION TO THIRD PARTIES

    1. Without limitation, we may disclose personal information:
      1. to Affiliates. Our corporate affiliates, for purposes consistent with this Privacy Policy.
      2. At your direction. When you use our Services to engage with third-parties, such as wallets, and other users, you direct us to share your information with them to provide the Services you request.
      3. to Service providers. Companies and individuals that provide services on our behalf or help us operate our Services or our business (such as hosting, information technology, customer support, email delivery, and website analytics services).
      4. to Professional advisors. Professional advisors, such as lawyers, auditors, bankers and insurers, where necessary in the course of the professional services that they render to us.
      5. to Authorities and others. Law enforcement, government authorities, and private parties, as we believe in good faith to be necessary or appropriate for the compliance and protection purposes described above.
      6. to Business transferees. Acquirers and other relevant participants in business transactions (or negotiations for such transactions) involving a corporate divestiture, merger, consolidation, acquisition, reorganization, sale or other disposition of all or any portion of the business or assets of, or equity interests in, Pirate Nation or our affiliates (including, in connection with a bankruptcy or similar proceedings).
    2. Without limitation, you may share information the Services:
      1. to Third-party platforms. By enabling features or functionality that connect your account to a third-party platform (such as by logging in to the Services with your Twitter or Discord account), you chose to disclose certain of your personal information to those services. We do not control those third parties’ use of your personal information.
      2. to Other Pirate Nation users. When you use the Services, you may share certain information with the Pirate Nation community. This information may include your profile information and other content you choose to submit on the Services.
  12. NOTE ON DATA TRANSFERS TO THE USA

    1. By using our Services, you understand and acknowledge that your personal information may be transferred from your location to servers in the United States. In the USA, Data Subjects may not have legal remedies that allow them to obtain access to the data concerning them and to obtain their correction or deletion. Similarly, there may be no effective judicial legal protection against general access rights of US authorities. Insofar as any third-party recipients of Personal Data are based in the USA, the Foundation will use reasonable endeavours to ensure that your Personal Data is appropriately protected through contractual arrangements, but we make no guarantee.
  13. SECURITY

    1. We employ a number of technical, organizational and physical safeguards designed to protect the personal information we collect. However, no security measures are failsafe and we cannot guarantee the security of your personal information.
  14. THIRD PARTY WEBSITES AND SOCIAL MEDIA

    1. Our Services may contain links to websites and other online services operated by third parties. In addition, our content may be integrated into web pages or other online services that are not associated with us. These links and integrations are not an endorsement of, or representation that we are affiliated with, any third party. We do not control websites or online services operated by third parties, and we are not responsible for their actions. We do not guarantee and are not responsible for the privacy or security of these sites, including the accuracy, completeness, or reliability of information found on these sites.
    2. Certain transactions conducted via our Services will require you to connect a compatible third-party digital Wallet to the Services. By using such Wallet to conduct such transactions via the Services, you agree that your interactions with such third-party Wallets are governed by the privacy policy for the applicable Wallet, and you agree that you are using the Wallet in accordance with the terms and conditions of the applicable third-party provider of such Wallet. Wallets are not maintained or supported by, or associated or affiliated with, the Organization. We expressly disclaim any and all liability for actions arising from your use of third-party Wallets, including but without limitation, actions relating to the use and/or disclosure of personal information by such third-party Wallets.
  15. COOKIES AND AUTOMATIC TRACKING

    1. When you browse, access and use our website, we may make use of the standard practice of placing tiny data files called cookies, flash cookies, pixel tags, or other tracking tools (herein, "Cookies") on your computer or other devices used to visit the website. Cookies are small bits of information that are automatically stored on the web browser of your device that can be retrieved by us. Further information can be found on https://allaboutcookies.org/.
    2. The type of information we collect includes, but is not limited to, uniquely identifying visitor information and information related to your usage preferences. We use these technologies to help us recognise you as a user, collect information about your use of the website to better customise our services and content for you, and collect information about your computer or other access devices to ensure that your account security has not been compromised by detecting irregular or suspicious account activities. By using the Platform, you agree and understand that we may collect and/or transmit any data collected to our third party service providers, such as analytics providers, which may also make use of such technologies described above. If you block or delete cookies, we may not be able to provide you with all of the services on the website.
    3. In addition to cookies, we use Local storage technologies, like HTML5, that provide cookie-equivalent functionality but can store larger amounts of data, including on your device outside of your browser in connection with specific applications. We also use Web beacons, also known as pixel tags or clear GIFs, which are used to demonstrate that a webpage or email was accessed or opened, or that certain content was viewed or clicked.
    4. The legal basis for processing data for the above purposes is your consent, which you give us by accepting the Terms of Use of the website. You can revoke your consent at any time by contacting us.
  16. YOUR CHOICES

    1. If you use our website or our Services, you may:
      1. review and update certain personal information in your account profile by logging into the account.
      2. opt out of marketing-related email communications by following the opt out or unsubscribe instructions contained in the marketing communications we send you.
      3. block our websites from setting cookies by using a browser with privacy features, like Brave, or installing browser plugins like Privacy Badger, Ghostery, or uBlock Origin, and configuring them to block third party cookies/trackers.
      4. Block cookies in your browser. Most browsers let you remove or reject cookies. To do this, follow the instructions in your browser settings. Many browsers accept cookies by default until you change your settings. For more information about cookies, including how to see what cookies have been set on your device and how to manage and delete them, visit https://www.allaboutcookies.org/. Note that because these opt out mechanisms are specific to the device or browser on which they are exercised, you will need to opt out on every browser and device that you use.
    2. Some Internet browsers may be configured to send "Do Not Track" signals to the online services that you visit. We currently do not respond to "Do Not Track" or similar signals. To find out more about "Do Not Track", please visithttp://www.allaboutdnt.com.
  17. CHANGES TO THIS PRIVACY POLICY

    1. The Foundation may update this policy from time to time, to reflect changes in applicable Data Protection Laws and/or in the Foundation’s privacy or data-protection practices or security measures.
    2. If we make material changes to the Policy, we will update the “Last Revised” date at the top of this Policy, use reasonable efforts to notify you (such as by posting notice of such changes on the Services or by other means consistent with applicable law), and take additional steps as required by applicable law.
    3. If you do not agree to any updates to this Policy, please do not access or continue to use the Services. The use of the Foundation’s website or our Services after any updates constitutes an acknowledgement of having read and understood the Policy.
  18. IF YOU CONTACT US

    1. You have the possibility to contact the Foundation, including via email and Social Media.
    2. You are responsible for the messages and/or transmitted content that you send to the Foundation. The Foundation recommends that you do not send any confidential data. Personal Data is only collected if you provide it to the Foundation voluntarily. Therefore, you yourself are responsible for what data you transmit to the Foundation. In order to be able to answer your questions, the Foundation may ask you to provide additional information. The Foundation only collects Personal Data from you if this is necessary to answer your questions or to provide the services you have requested.
    3. When processing your enquiries, the Foundation has a legitimate interest in data processing. You can object to this data processing at any time by contacting us.
  19. CONTACT

    1. Please direct any questions or comments about this Policy or privacy practices to hello@piratenation.foundation.
    2. If you have an unresolved privacy or data use concern that we have not satisfactorily addressed, please contact the data protection regulator in your jurisdiction.

Addendum 1 – Additional information and rights relating to individuals located in the EU and UK

This Addendum applies only if the processing of your data falls under the GDPR’s scope of application (e.g., if you are a resident of the EU or in the UK).

You may have additional rights under GDPR as listed below. To exercise your rights available under GDPR, please contact the Controller.

  1. You have the right to obtain from us at any time upon request information about the personal data we process concerning you within the scope of Art. 15 GDPR.
  2. You have the right to demand that we immediately correct the personal data concerning you if it is incorrect.
  3. You have the right, under the conditions described in Art. 17 GDPR, to demand that we delete the personal data concerning you. These prerequisites provide in particular for a right to erasure if the personal data are no longer necessary for the purposes for which they were collected or otherwise processed, as well as in cases of unlawful processing, the existence of an objection or the existence of an obligation to erase under Union law or the law of the Member State to which we are subject.
  4. You have the right to demand that we restrict processing in accordance with Art. 18 GDPR.
  5. You have the right to receive from us the personal data concerning you that you have provided to us in a structured, commonly used, machine-readable format in accordance with Art. 20 GDPR.
  6. You have the right to object at any time, on grounds relating to your particular situation, to the processing of personal data concerning you which is carried out, inter alia, on the basis of Article 6 (1) sentence 1 lit. f GDPR, in accordance with Article 21 GDPR.
  7. You have the right to contact the competent supervisory authority in the event of complaints about the data processing carried out by the controller.
  8. If the processing of personal data is based on your consent, you are entitled under Art. 7 GDPR to revoke your consent to the use of your personal data at any time with effect for the future, whereby the revocation is just as easy to declare as the consent itself. Please note that the revocation only takes effect for the future. Processing that took place before the revocation is not affected.