Privacy Policy

LEGAL NOTICE

The The_Chain is service is provided by company Scratch Tech SAS.

Scratch Tech SAS is a simplified joint stock company (société par actions simplifiée) with a share capital of 1000 €, registered with the Nanterre Trade and Companies Register under number 977 574 516, whose registered office is located at LEVALLOIS-PERRET, France (hereinafter, the “company”). Contact : [email protected].

1. Foreword

The Company enables users (hereinafter the “User”) registered on the website the-chain.xyz (hereinafter the “Website”) to benefit from an enhanced user interface. The Website provides an artwork submission service to its users registered as “Artists” and a way to buy artworks under the form of a non-fungible token (NFT) to its Users registered as “collectors” or “artists” (the aforementioned activities, collectively, the “Services”).

In order to make use of the Services, Users shall create an account on the Website. Each account is equipped with a login/password mechanism or wallet connection service to secure access to user’s private assets and information.

For more information regarding the Services, you are invited to read the Terms and Conditions.

The Company firmly believes that trust is key to relationships with you. In this respect, the protection of your personal data and privacy is our top priority.

This is why the Company puts great emphasis on collecting and processing your personal data with utmost care and in compliance with the applicable legal framework.

To inform you transparently, the Company has implemented the privacy policy below, which explains in detail why and how your personal data are processed where you use our Services.

2. Scope

This privacy policy (hereinafter the “Policy”) is intended to inform you, as a visitor or a User of the Services, through any terminal, application, device (hereinafter the “Equipment”), including with an account, about the way the Company processes, as controller, information enabling to identify you either directly or indirectly (hereinafter “Personal Data”) in the context of your use of the Services.

By agreeing on this Policy, the User allows the use of Personal Data by the Company in line with this Policy.

The Policy is accessible at any time on the Website and prevails over any previous version.

The Policy may evolve. The up-to-date version is the one available on the Website.

3. Data collected and Purposes

The Company processes Personal Data for special purposes, each of them being duly legitimated by a valid legal basis.

First, as a User, you may have created an account enabling you to access the Services. In order to manage this account from creation to deletion, the Company will collect and process identification Personal Data (i.e. your wallet address, name and biography).

· The legal basis of this processing is the requirement for the Company to execute a contract you are a party to.

Second, the Company is willing to understand how users interact with its Services and need to process various browsing information resulting from Cookies (see Article 8) which qualify as Personal Data, for the performance of analytic operations related to the Services’ use.

· In this respect, the legal basis the Company relies upon its legitimate interest which consists of (i) understanding the way its Services agreed by Users; and (ii) improving the Services where needed.

Third, the Company collects and processes User’s Personal Data for the use of the Services. This processing requires the Company to collect and process the following categories of Personal Data: for the service (username, contact details, wallet address, digital media, target hash), for fraud prevention (any information added for the creation of an account, including your username, account details and transaction details)

· The legal basis on which the Company relies for this purpose is the performance of a contract to which you are a party.

Lastly, the Company collects and processes User’s Personal Data for managing and following up any questions and/or requests Users may submit. As such, please note that this processing is only carried out in the event you submit a question and/or request. Otherwise, your Personal Data is not processed for this purpose.

· This processing requires the Company to collect and process the following categories of Personal Data: (i) identification data (i.e. your username and your contact details) and (ii) the content of the message(s) you sent to the Company as part of your question/request.

· While processing your Personal Data for this purpose, the Company relies on its legitimate interest, which consists in duly managing its relationships with you.

· The User is under no obligation to provide the requested Personal Data. Nevertheless, the Company draws the User’s attention that, in such case, access to some Services may be altered, if not impossible.

· In any event, and disregarding the processing purpose at stake, please note that the Company will comply with a strict data minimization principle and will thus only collect and process Personal Data which is necessary for the above purposes.

4. Data recipients

The Company shares your Personal Data with third-party service providers and suppliers which assist the Company for fulfilling the purposes specified in this Policy.

Furthermore, the Company may have to share your Personal Data with competent courts and any other governmental and/or public authorities requesting access to your Personal Data, within the extent legally permitted.

In any event, the Company communicates your Personal Data to the above recipients on a strictly need-to-know basis and only as necessary for fulfilling duly identified processing purposes.

5. Storage period

The Company stores Personal Data for a limited duration, not exceeding the fulfilment of purposes described in Article 3 of this Policy.

Nevertheless, the Company may store some Personal Data for a longer duration than required in the immediate and current needs due to legitimate interests and legal obligations.

6. Subcontracting and Data transfer

The Company may use service providers and other third parties to facilitate, maintain, improve, analyze and secure the use of the Website and its Services. The service providers may have access to Personal Data for the sole and exclusive purpose of carrying out the missions assigned to them. The Company ensures that the service providers have sufficient guarantees for the performance of the mission and comply with the applicable laws and regulations.

The Personal Data may be processed outside the European Union territory. In that situation, the Company shall take all necessary precautions and alternatively or cumulatively ensure that an adequacy decision has been taken by the European Commission regarding the country of destination; that contractual clauses adopted by the European Commission or the supervisory authority have been signed with the recipient; that the recipient adhered to an approved code of conduct or certification mechanism.

7. Rights of the User

The User is informed that he has a right of access, a right to rectification and erasure, a right to restriction of processing, a right to Personal Data portability under the conditions provided for in articles 15 to 22 of Regulation 2016/679 of 27 April 2016.

To exercise his rights or for any question on Personal Data protection, the User shall make a request accompanied by proof of identity by mail addressed to Scratch Tech by email at [email protected].

The Company shall strive to reply without undue delay and at the latest within one month of receipt of the request. The Company reserves the right to extend this period to three (3) months in the case of a complex request.

Finally, the User has the option to refer to the competent supervisory authority, the Commission Nationale Informatique et Libertés (“CNIL”), in order to submit a claim.

The Company is committed to protect your Personal Data and comply with the applicable data protection legal framework.

This is the reason why the Company requires your assistance to this end. Thus, you commit to inform the Company in case the Personal Data you shared with the Company would become obsolete or inaccurate.

In addition, in the event you would provide the Company with information enabling to identify directly or indirectly any other natural persons (e.g. you sent a request to the Company with the contact email address available on the Services and share personal data concerning another natural person in your email), you represent and warrant that, prior to sharing this information with the Company, such other natural persons have been provided with this Policy and, to the extent applicable, have consented to the processing of their data.

8. Cookies

The User is informed that information may be transmitted to his browser by the Services (“Cookies”). When the User browses the Services for the first time, a Cookie banner may display requesting the User to accept Cookies or to configure them.

9. Google Analytics

Scratch tech uses the services of the American company Google Inc. The Google Analytics service makes it possible to count visitors and identify how they use the site. These cookies are placed and read on the user’s terminal equipment and as soon as the user accesses a website using the « Google Analytics » service.

The maximum storage period for Cookies is thirteen (13) months from the time they are placed on the browser of the User or his Equipment. At the end of this period, new consent will be required.

The User may accept, refuse and delete certain or all Cookies.

The User is informed that the refusal of certain Cookies may affect Services provided and navigation on the Website.