1.Welcome!
This Privacy Policy (“Policy”) is here to help you understand how we collect, use, disclose, and process your Personal Information (as defined below) through our Service. We also describe your choices and rights with respect to how we process that Personal Information. Please read this Policy carefully.
2.Who we are
The Service is operated by MYA Cards LLC (“MYA Cards”, “us”, “our”, or “we”). We may be reached by email at privacy@myacards.com .
3.SCOPE & ACKNOWLEDGEMENT
MYA Cards is a real-world prehistoric trading card game with online services that allow players to claim ownership, verify the authenticity of their cards, and to manage their collections. This Policy applies to our website located at https://myacards.com/ (our “Site”) and any other website, application, or services where we post or link to this Policy (the “Service”).
This Policy does not apply to information processed by third parties, for example, when you visit a third-party website or interact with third-party sites, except to the extent those parties collect or process information on our behalf. Please review any relevant third party’s privacy policy for information regarding their privacy practices.
NOTE: your use of our Service indicates your acknowledgement of the practices described in this Policy.
4.Collection and Use of Personal Information
Categories of Personal Information We Collect
In order to provide our Service, we may collect and process information that relates to identified or identifiable individuals (“Personal Information”). We collect and process the following categories of Personal Information (note, specific Personal Information elements are examples and may change):
Contact Data - Identity Data used to contact an individual, e.g. email address, physical address, or phone number.
Device/Network Data - Personal Information relating to your device, browser, or application e.g. device identifiers, identifiers from cookies, session history and Service navigation metadata, wallet type, actions and clickstream data, and other data generated through applications and browsers, including via cookies and similar technologies.
General Location Data - Non-precise location data, e.g. location information derived from IP addresses.
Identity Data - Personal Information about you and your identity, such as your name or IP address.
Image Data – Images of Cards that you may upload to our Service in order to prove ownership or possession of cards.
Inference Data - Personal Information we create or use as part of a profile reflecting your preferences, characteristics, aptitudes, market segments, likes, favorites or your interests.
User Content - Personal Information included in content provided by users of the Service in any free-form or unstructured format, such as in a “contact us” box, free text field, in a file or document, or messages to us.
Sources of Personal Information
We collect Personal Information from various sources based on the context in which the Personal Information will be processed:
Data we collect from you - We collect Personal Information from you directly, for example, when you input information into an online form, or contact us directly.
Data collected automatically - We may collect certain Personal Information automatically. For example, we collect Device/Network Data automatically using cookies and similar technologies when you use our Service, access our Service, or when you open our marketing communications.
Data we receive from service providers - We receive Personal Information from service providers performing services on our behalf.
Data we create and infer - We, certain partners and third parties operating on our behalf, create and infer Personal Information such as Inference Data based on our observations or analysis of other Personal Information processed under this Policy, and we may correlate this data with other data we process about you.
Blockchain Data - We collect or create certain data that is stored on the MYA Cards Private Blockchain. This may include, for example, user (owner, purchaser, seller) IDs or wallet/account metadata, and transaction IDs, dates, and similar metadata that are created and maintained in connection with documentation of registrations, purchases, sales, or transfers of Cards on the MYA Cards Private Blockchain. Blockchain Data is associated with other data you have provided to us.
5.Data Processing Contexts / Notice at collection
Accounts & Registrations
We process Identity Data, Contact Data, Device/Network Data, Image Data (of the Card you claim), and Inference Data when you register and create an account on our Services. Additionally, when you register a Card, engage in any transactions for a Card, or otherwise associate Card or Card-related information with your account, we link that information to your account.
We use this Personal information to create and maintain your account, to provide the products and services you request, and for our Business Purposes. We process Device/Network Data, e.g. user-specific transaction metadata, to store, validate, and provide related Card services on the blockchain.
Note: when you associate a Card with your account or engage in a Card transaction, we maintain a record of ownership and the subsequent transactions on the MYA Cards Private Blockchain. Metadata associated with ownership and transactions are permanently stored MYA Cards Private Blockchain (visible to only authorized users), and cannot be deleted. You may close your account, or transfer ownership of your Cards; however, metadata that is linkable to your account, your Cards, and associated registrations and transactions may be retained indefinitely as part of the MYA Cards Private Blockchain.
Use of Online Services
When you use our Services, we automatically collect and process Identity Data and Device/Network Data. We use this data as necessary to initiate or fulfill your requests for certain features or functions through our Service, such as delivering pages, logging activities for security purposes, etc. We may also process this Personal Information for our Business Purposes .
Cookies and Similar Tracking Technologies
We process Identity Data, Device/Network Data, Contact Data, Inference Data, and General Location Data in connection with our use of cookies and similar technologies on our Services. We may collect this data automatically.
We and authorized third parties may use cookies and similar technologies for the following purposes:
- for “essential” purposes necessary for our Services to operate (such as maintaining user sessions, content delivery, and the like);
- for “functional” purposes, such as to enable certain features of our Services (for example, to allow a customer to view our Service in another language); and
- for “analytics” purposes and to improve our Services, such as to analyze the traffic to and on our Services (for example, we can count how many people have looked at a specific page, or see how visitors move around the Service when they use it, to distinguish unique visits/visitors to our Services, and what website they visited prior to visiting our Service, and use this information to understand user behaviors and improve the design and functionality of the Service);
We may also process this Personal Information for our Business Purposes. See your Rights & Choices for information regarding opt-out rights for cookies and similar technologies and in relation to Online Advertising.
Third parties may view, edit, or set their own cookies or place web beacons on our Services. We, or third party providers, may be able to use these technologies to identify you across platforms, devices, sites, and services. Third parties may combine this data with data that they receive from their own services. Third parties have their own privacy policies and their processing is not subject to this Policy.
Informational or Promotional Emails
We may process Identity Data, Device/Network Data, and Contact Data in connection with email communications relating to our Service, or if we send you promotional communications. You may receive such email communications if you contact us, choose to receive them, or interact with us in way that allows us to send you those communications. We may also automatically collect Device/Network Data when you open or interact with those communications so that we can better understand engagement with our communications. We may also process this Personal Information for our Business Purposes.
Contacting Us
When you contact us though the Service using a contact us box or via email, we process Personal Information such as Identity Data, Device/Network Data, and any Personal Information contained within any User Content. We use Identity Data, Contact Data, and User Content as necessary to communicate with you about the subject matter of your request and related matters. We may also process this Personal Information for our Business Purposes.
6.Purposes of Processing
Business Purposes
In addition to the processing described above, we generally process Personal Information for several common purposes in connection with our business (“Business Purposes”). Please see below for more information regarding the purposes for which we process your Personal Information.
Operate our Service and Fulfill Obligations - We process any Personal Information as is necessary to provide the Service, and as otherwise necessary to fulfill our obligations to you, e.g. to provide you with the information, features, and Services you request.
Internal Processes and Service Improvement - We may use any Personal Information we process through our Service as necessary in connection with our improvement of the design of our Service, understanding how the Service is used or functions, for customer service purposes, in connection with the creation and analysis of logs and metadata relating to Service use, and for ensuring the security and stability of the Service. Additionally, we may use Personal Information to understand what parts of our Service are most relevant to users, how users interact with various aspects of our Service, how our Service performs or fails to perform, etc.
Security and Incident Detection - We may process any Personal Information we collect in connection with our legitimate business interest in ensuring that our properties and locations are secure, identify and prevent crime, prevent fraud, and ensure the safety of our users. Similarly, we process Personal Information on our Service as necessary to detect security incidents, protect against, and respond to malicious, deceptive, fraudulent, or illegal activity. We may analyze network traffic, device patterns and characteristics, maintain and analyze logs and process similar Personal Information in connection with our information security activities.
Personalization - We process certain Personal Information as necessary to personalize our Service. For example, aspects of the Service may be customized to you so that it displays your account information and other appearance or display preferences, to display content that you have interacted with in the past, or to display content that we think may be of interest to you based on your interactions with our Service and other content. This processing may involve the creation and Personal Information that we infer based on your preferences.
Aggregate Analytics - We process Personal Information as necessary in connection with our creation of aggregate analytics relating to how our Service is used, the pages and content users view, and to create other reports regarding the use and performance of our Service, and other similar information and metrics. The resulting aggregate data will not contain information from which an individual may be readily identified.
Compliance, Safety & Public Interest - Note that we may, without your consent or further notice to you, and to the extent required or permitted by law, process any Personal Information subject to this Policy for purposes determined to be in the public interest or otherwise required by law. For example, we may process information as necessary to fulfil our legal obligations, to protect the vital interests of any individuals or otherwise in the public interest, or as required by a public authority. Please see the data sharing section for more information about how we disclose Personal Information in extraordinary circumstances.
Corporate Events - Your Personal Information may be processed as part of routine corporate operations, as part of corporate reorganizations, or any business transition, such as a merger, acquisition, liquidation, or sale of assets.
Other Processing of Personal Information - If we process Personal Information in connection with our Service in a way not described in this Policy, this Policy will still apply generally (e.g. with respect to your rights and choices) unless otherwise stated when you provide it.
7.Data Sharing
Information we collect may be shared with a variety of parties, depending upon the purpose for and context in which that information was provided. We generally transfer data to the categories of recipients or in connection with specific business purposes, described below.
Service Providers - In connection with our general business operations, product/service improvements, to enable certain features, and in connection with our other business interests, we may share Personal Information with service providers or subprocessors who provide certain services to us, or process data on our behalf. For example, we may use third party hosting providers to host our sites or content, and we may disclose information as part of our own internal operations, such as security operations, internal research, etc.
Corporate Events - Your Personal Information may be disclosed to a third party in the event that we go through a business transition, such as a merger, acquisition, liquidation, or sale of all or a portion of our assets. For example, Personal Information may be part of the assets transferred, or may be disclosed (subject to confidentiality restrictions) during the due diligence process for a potential transaction.
Affiliates - In order to streamline certain business operations and develop products and Service that better meet the interests and needs of our customers, we may share your Personal Information with any of our current or future affiliated entities, subsidiaries, and parent companies.
Legal Disclosures - In limited circumstances, we may, without notice or your consent, access and disclose your Personal Information, our correspondence with you, and any other information that we may have about you to the extent we believe such disclosure is legally required, to prevent or respond to a crime, to investigate violations of our Terms of Use, or in the vital interests of us or any person. Note, these disclosures may be made to governments that do not ensure the same degree of protection of your Personal Information as your home jurisdiction. We may, in our sole discretion (but without any obligation), object to the disclosure of your Personal Information to such parties.
Public Disclosures - We may display or share certain information relating to your public activity on the blockchain at your request, e.g. when you share a link to a code that corresponds to a Card you own with the public through our Service.
8.Your Rights & Choices
Your Rights
Applicable law may grant you rights in your Personal Information. These rights vary based on your location, state/country of residence, and may be limited by or subject to our own rights in your Personal Information. You may submit requests to exercise rights you may have by contacting us at privacy@myacards.com.
Note: We are able to fulfill rights requests regarding Personal Information that we control or process. We may not have access to or control over Personal Information controlled by third parties. Please contact the third party directly to exercise your rights in third party-controlled information.
Furthermore, the blockchain is an immutable database, meaning the data stored on the ledger is permanent and tamper-proof, and its history cannot be modified or changed after its creation. Consequently, we are not able to fulfill requests to delete Personal Information that may be stored on the blockchain.
Verification Requirements
All rights requests we receive directly must be verified to ensure that the individual making the request is authorized to make that request, to reduce fraud, and to ensure the security of your Personal Information. For example, we may require that you verify that you have access to the email on file in order to verify your identity. If an agent is submitting the request on your behalf, we reserve the right to validate the agent’s authority to act on your behalf.
Your Choices
You may have the following choices regarding the Personal Information we process, to the extent required under applicable law:
Consent - If you consent to our processing of Personal Information, you may withdraw your consent at any time by contacting us. We will respond to your request in the time required under applicable law.
Email Marketing - You have the choice to opt-out of or withdraw your consent to email marketing communications. You may exercise your choice via the links in our communications.
Cookies & Similar Technologies - If you do not want information collected through the use of cookies and similar technologies, you can manage/deny cookies and certain similar technologies using your browser’s settings menu or through cookie settings we may make available from time to time. You must opt out of the use of some third party Service directly via the third party. For example, to opt-out of Google’s analytic and marketing services, visit Google Analytics Terms of Use, the Google Privacy Policy, or Google Analytics Opt-out.
9.Security
We implement and maintain reasonable security measures to safeguard the Personal Information you provide us. However, we sometimes share Personal Information with third parties as noted above, and though we may take certain measures to help ensure the security of your Personal Information, we do not control third parties’ security processes. We do not warrant perfect security and we do not provide any guarantee that your Personal Information or any other information you provide us will remain secure.
10.Data Retention
We retain information for so long as it, in our discretion, remains relevant to its purpose, and in any event, for so long as is required by law. We will review retention periods periodically, and may sometimes pseudonymize or anonymize data held for longer periods, if appropriate.
11.Minors
Our Service is neither directed at nor intended for use by minors under the age of 13. Minors who are at least 13 years old but are under 18 years old may use our Services, but only with the supervision of a parent or guardian. If a child under 13 submits identifiable information to us and we learn that the identifiable information is the information of a child under 13, we will attempt to delete the information as soon as possible. If you believe that we might have any identifiable information from a child under 13, please contact us.
12.International Transfers
We primarily operate in and use service providers located in the United States and Singapore. You acknowledge that your Personal Information may be processed in the country in which it was collected, the U.S. or Singapore. These countries may not provide the same legal protections guaranteed to Personal Information in your country. Contact us for more information regarding international data transfers.
13.Changes to Our Policy
We may change this Policy from time to time. Please visit this Policy regularly so that you are aware of our latest updates. Your use of the Service following notice of any changes indicates acceptance of any changes.
14.Contact Us
Feel free to contact us with questions or concerns at privacy@myacards.com.