This Privacy Policy is part of the Arch Terms of Service. All terms, conditions, and terminology are consistent with the Terms of Service, and the Terms of Service are incorporated into this document by reference. The Arch website at [https://www.arch.finance] and the Arch decentralized applications (or “dApps”) accessible at [https://beta.archfinance.io] and other services (collectively, our “Services”) collect, store, and use information about you as noted in this document. Any reference to “we” or “us” means Arch OTC LLC., a Delaware company and the Arch website and dApps.
Blockchain technology, also known as distributed ledger technology (or simply ‘DLT’), is at the core of our business. Blockchains are decentralized and made up of digitally recorded data in a chain of packages called ‘blocks’. The manner in which these blocks are linked is chronological, meaning that the data is very difficult to alter once recorded. Since the ledger may be distributed all over the world (across several ‘nodes’ which usually replicate the ledger) this means there is no single person making decisions or otherwise administering the system (such as an operator of a cloud computing system), and that there is no centralized place where it is located either.
This means that by design, a blockchain’s records cannot be changed or deleted and are said to be ‘immutable’. This may affect your ability to exercise your rights such as your right to erasure (‘right to be forgotten’), or your rights to object, or restrict processing of your personal data. Data on the blockchain can’t be erased or changed. Although smart contracts may be used to revoke certain access rights, and some content may be made invisible to others, it is not deleted.
In certain circumstances, in order to comply with our contractual obligations to you (such as delivery of tokens) it will be necessary to write certain personal data, such as your wallet address, onto the blockchain; this is done through a smart contract and requires you to execute such transactions using your wallet’s private key.
In most cases ultimate decisions to (i) transact on the blockchain using your wallet address, as well as (ii) share the public key relating to your wallet address with anyone (including us) rests with you.
If you want to ensure your privacy rights are not affected in any way, you should not transact on blockchains as certain rights may not be fully available or exercisable by you or us due to the technological infrastructure of the blockchain. The blockchain is available to the public and any personal data shared on the blockchain will become publicly available.
- Information and content you provide. We collect the content, communications and other information you provide when you use our Services, including when you sign up for an account, create or share content, and message or communicate with others.
- Your usage. We collect information about how you use our Services, such as the types of content you view or engage with; the features you use; the actions you take; the people or accounts you interact with; and the time, frequency and duration of your activities.
- Information about transactions made on our Services. If you use our Services for transactions of any kind (such as when you engage with Smart Contracts in the dApps), we collect information about them.
- Things others do and information they provide about you. We also receive and analyze content, communications and information that other people provide when they use our Services.
- Ethereum Address (Public Key or ENS domain)
We do not knowingly collect information from anyone under the age of 13. If you believe information about a person under the age of 13 has been collected by us, please contact us at [email protected] to request deletion of the relevant information.
As described below, we collect information from and about the computers, phones, and other web-connected devices you use that interact with our Services, and we combine this information across different devices you use. Information we obtain from these devices includes:
- Device attributes: information such as the operating system, hardware and software versions, battery level, signal strength, available storage space, browser type, app and file names and types, and plugins.
- Device operations: information about operations and behaviors performed on the device, such as whether a window is foregrounded or backgrounded, or mouse movements (which can help distinguish humans from bots).
- Identifiers: unique identifiers, device IDs, and other identifiers.
- Device signals: Bluetooth signals, and information about nearby Wi-Fi access points, beacons, and cell towers.
- Data from device settings: information you allow us to receive through device settings you turn on, such as access to your GPS location, camera or photos.
- Network and connections: information such as the name of your mobile operator or ISP, language, time zone, mobile phone number, IP address, connection speed and, in some cases, information about other devices that are nearby or on your network.
- Cookie data: data from cookies stored on your device, including cookie IDs and settings.
The website and dApps use Google Analytics to gather information about the computers and devices that connect to them. The website and dApps also use Google Fonts as part of their function. Although Google Analytics plants a permanent cookie on your web browser to identify you as a unique user the next time you visit this site, the cookie cannot be used by anyone but Google. Google’s ability to use and share information collected by Google Analytics and Google Fonts about your visits to this site is restricted by the Google Analytics Terms of Use and the Google Privacy Policy. You can prevent Google Analytics from recognizing you on return visits to this site by disabling cookies on your browser.
- We may use CoinGecko to facilitate our services. In the process, CoinGecko may collect information about you. Information collected by CoinGecko is subject to and under the terms of CoinGecko’s Terms and Conditions and Privacy Policy.
- We may ask you to provide your email address to facilitate your interaction with our services. If you provide your email address, we may periodically send you emails as part of our service offering and to let you know about new features and other services we may provide in the future. You may unsubscribe from such emails at any time at [link]. We will never sell your email address or transfer it to any third party except to facilitate sending emails as described.
When using the dApps, we may collect and process personal data. The data will be stored in different instances. We collect and use this information to provide you the dApps and to debug issues and provide support for the dApps.
1. On the Blockchain the following data may be stored:
- your smart contract address, if any;
- addresses of externally owned accounts
- transactions made; and
- Eth and token balance.
Given the technological design of the blockchain, this data will become public and it will not likely be possible to delete or change the data at any given time.
2. In our web servers, we will store the following data:
- your smart contract address;
- addresses of externally owned accounts; and
- transactions made.
3. Log Data
- your smart contract address;
- the Internet protocol address (“IP address”); and
- transaction id/ Hash.
We use the information we have (subject to choices you make) as described below and to provide and support the Services. Here's how:
Provide, personalize and improve our Services.
We use the information we have to deliver our Services, including to personalize features and content.
- Information across devices: We connect information about your activities on different devices to provide a more tailored and consistent experience.
- Location-related information: We use location-related information, such as your current location, where you live, the places you like to go, and the businesses and people you're near, to provide, personalize and improve our Services.
- Product research and development: We use the information we have to develop, test and improve our Services, including by conducting surveys and research, and testing and troubleshooting new products and features.
Provide measurement, analytics, and other business services.
We use the information we have (including your activity on our Services) to help advertisers and other partners measure the effectiveness and distribution of their ads and services, and understand the types of people who use their services and how people interact with their websites, apps, and services.
The website and dApps use Google Analytics to gather information about their use. Google Analytics collects information such as how often users visit this site, what pages they visit when they do so, and what other sites they used prior to coming to this site. The website and dApps use the information we get from Google Analytics only to improve this site. Google Analytics collects only the IP address assigned to you on the date you visit this site, rather than your name or other identifying information.
Promote safety, integrity and security.
We use the information we have to verify accounts and activity, combat harmful conduct, detect and prevent spam and other bad experiences, maintain the integrity of our Services, and promote safety and security.
Communicate with you.
We use the information we have to send you marketing communications, communicate with you about our Services, and let you know about our policies and terms. We also use your information to respond to you when you contact us.
Because recognition of the Do Not Track HTTP header feature of your web browser is not standardized, the website and dApps don’t recognize it for tracking purposes.
The website and dApps may keep the information we gather about you for an unlimited length of time.
The website does not share any information about you with advertisers, marketing companies, or anyone else, except as necessary to run this site.
Sharing with Third-Party Partners
We work with third-party partners who help us and improve our Services. We don't sell any of your information to anyone, and we never will. We also impose strict restrictions on how our partners can use and disclose the data we provide. Here are the types of third parties we share information with:
Measurement partners.
We share information about you with companies that aggregate it to provide analytics and measurement reports to our partners. See information about how we use Google Analytics in the Collecting and Tracking and Uses sections of this document.
Vendors and service providers.
We provide information and content to vendors and service providers who support our business, such as by providing technical infrastructure services, analyzing how our Services are used, providing customer service, facilitating payments or conducting surveys. See Services for a list of service providers and policies.
Law enforcement or legal requests.
We share information with law enforcement under the circumstances outlined in the Terms of Service or in response to valid legal requests.
We may use the following products or services to provide our Services to you. Please refer to their privacy policies (listed below).
Twilio (Segment): https://www.twilio.com/legal/privacy
Intercom: https://www.intercom.com/es/legal/privacy
Google Analytics: https://policies.google.com/privacy?hl=en
AWS: https://aws.amazon.com/compliance/data-privacy/
ConsenSys (Infura): https://consensys.net/privacy-policy/
ConsenSys (Metamask): https://consensys.net/privacy-policy/
MongoDB Atlas: https://www.mongodb.com/legal/privacy-policy
MoonPay: https://www.moonpay.com/legal/privacy_policy
Magic Link: https://magic.link/legal/privacy-policy
Wallet Connect: https://walletconnect.com/privacy
We have put in place appropriate security measures to prevent your personal data from being accidentally lost, used or accessed in an unauthorized way, altered or disclosed. In addition, we limit access to your personal data to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal data on our instructions and they are subject to a duty of confidentiality. We have put in place procedures to deal with any suspected personal data breach and will notify you and any applicable regulator of a breach where we are legally required to do so.
If you have comments or questions about the privacy policies of the web site or dApps, contact us at [email protected].
The website may change its privacy policy at any time. Check this page for the latest.
Both Arch and You agree to do your respective parts to comply with the California Consumer Privacy Act and its regulations, consistent with Arch’s role as a “service provider”, and not as a “third party”, under that law.
Whenever it is feasible and legal to do so, both Arch and You will give the other prompt notice of user rights requests, regulatory inquiries, and other communications under the California Consumer Privacy Act. Both sides agree to cooperate in good faith to respond to and honor such communications, and to meet other obligations under the California Consumer Privacy Act.
Arch may not:
- sell personal information collected from consumers covered by the California Consumer Privacy Act that You disclose to Arch
- retain, use, or disclose such information for any purpose other than for the specific purpose of performing the services in the Terms of Service, including retaining, using, or disclosing such information for a commercial purpose other than providing the services in the Terms of Service
- retain, use, or disclose such information outside of a direct business relationship between Arch and You
Arch understands the restrictions in Prohibitions and will comply with them.
Both You and Arch agree to limit use of personal information covered by the California Consumer Privacy Act to that reasonably necessary and proportionate to achieve the purpose of the Terms of Service, consistent with the meaning of “business purpose” under that law.
Arch agrees to ensure that each subcontractor that processes Your information covered by the California Consumer Privacy Act will also qualify as a “service provider”, and not as a “third party”, under that law.
If the terms of this addendum conflict with terms of the Terms of Service or Privacy Policy, the terms of this addendum take precedence.
The data mentioned in this document will be stored in the US. [We use Amazon Web Server, which is based in the US. Amazon is certified under the EU-US Privacy Shield. Fabric.io and Firebase are part of the Google LLC., which is based in the US. Google is certified under the EU-US Privacy Shield.]
But, when interacting with the blockchain, as explained above in this Policy, the blockchain is a global decentralized public network and accordingly any personal data written onto the blockchain may be transferred and stored across the globe.
You have certain rights under applicable legislation, and in particular under Regulation EU 2016/679 (General Data Protection Regulation or ‘GDPR’). We explain these below. You can find out more about the GDPR and your rights by accessing the European Commission’s website.
Right to information and access
You have a right to be informed about the processing of your personal data (and if you did not give it to us, information as to the source). This document provides that information, and you may contact us for additional information.
Right to rectification
You have the right to have any inaccurate personal information about you rectified and to have any incomplete personal information about you completed. You may also request that we restrict the processing of that information. The accuracy of your information is important to us. If you do not want us to use your Personal Information in the manner set out in this Privacy Policy, or need to advise us of any changes to your personal information, or would like any more information about the way in which we collect and use your Personal Information, please contact us at the above details.
Right to erasure (right to be ‘forgotten’)
You have the general right to request the erasure of your personal information in the following circumstances:
- the personal information is no longer necessary for the purpose for which it was collected;
- you withdraw your consent to consent-based processing and no other legal justification for processing applies;
- you object to processing for direct marketing purposes;
- we unlawfully processed your personal information; and
- erasure is required to comply with a legal obligation that applies to us.
But, when interacting with the blockchain we may not be able to ensure that your personal data is deleted. This is because the blockchain is a public decentralized network and blockchain technology does not generally allow for data to be deleted and your right to erasure may not be able to be fully enforced. In these circumstances we will only be able to ensure that all personal data that is held by us is permanently deleted.
We will proceed to comply with an erasure request without delay unless continued retention is necessary for:
- Exercising the right of freedom of expression and information;
- Complying with a legal obligation under EU or other applicable law;
- The performance of a task carried out in the public interest;
- Archiving purposes in the public interest, scientific or historical research purposes, or statistical purposes, under certain circumstances; and/or
- The establishment, exercise, or defense of legal claims.
Right to restrict processing and right to object to processing
You have a right to restrict processing of your personal information, such as where:
- you contest the accuracy of the personal information;
- where processing is unlawful you may request, instead of requesting erasure, that we restrict the use of the unlawfully processed personal information;
- we no longer need to process your personal information but need to retain your information for the establishment, exercise, or defense of legal claims.
You also have the right to object to processing of your personal information under certain circumstances, such as where the processing is based on your consent and you withdraw that consent. This may impact the services we can provide and we will explain this to you if you decide to exercise this right.
But, when interacting with the blockchain, as it is a public decentralized network, we will likely not be able to prevent external parties from processing any personal data which has been written onto the blockchain. In these circumstances we will use our reasonable endeavors to ensure that all processing of personal data held by us is restricted; notwithstanding this, your right to restrict processing may not be able to be fully enforced.
Right to data portability
Where the legal basis for our processing is your consent or the processing is necessary for the performance of a contract to which you are party or in order to take steps at your request prior to entering into a contract, you have a right to receive the personal information you provided to us in a structured, commonly used and machine-readable format, or ask us to send it to another person.
Right to freedom from automated decision-making
We do not use automated decision-making, but where any automated decision-making takes place, you have the right in this case to express your point of view and to contest the decision, as well as request that decisions based on automated processing concerning you or significantly affecting you and based on your personal data are made by natural persons, not only by computers.
Right to object to direct marketing (‘opting out’)
You have a choice about whether or not you wish to receive information from us. We will not contact you for marketing purposes unless:
- you have a business relationship with us, and we rely on our legitimate interests as the lawful basis for processing (as described above)
- you have otherwise given your prior consent (such as when you download one of our guides)
You can change your marketing preferences at any time by contacting us on the above details. On each and every marketing communication, we will always provide the option for you to exercise your right to object to the processing of your personal data for marketing purposes (known as ‘opting-out’) by clicking on the ‘unsubscribe’ button on our marketing emails or choosing a similar opt-out option on any forms we use to collect your data. You may also opt-out at any time by contacting us on the below details.
Please note that any administrative or service-related communications (to offer our services, or notify you of an update to this Privacy Policy or applicable terms of business, etc.) will solely be directed at our clients or business partners, and such communications generally do not offer an option to unsubscribe as they are necessary to provide the services requested. Therefore, please be aware that your ability to opt-out from receiving marketing and promotional materials does not change our right to contact you regarding your use of our website or as part of a contractual relationship we may have with you.
Right to request access
You also have a right to access information we hold about you. We are happy to provide you with details of your Personal Information that we hold or process. To protect your personal information, we follow set storage and disclosure procedures, which mean that we will require proof of identity from you prior to disclosing such information. You can exercise this right at any time by contacting us on the above details.
Right to withdraw consent
Where the legal basis for processing your personal information is your consent, you have the right to withdraw that consent at any time by contacting us on the above details.
Raising a complaint about how we have handled your personal data
If you wish to raise a complaint on how we have handled your personal data, you can contact us as set out above and we will then investigate the matter.
For purposes of the GDPR, we have named the below listed individual as our Data Protection Officer:
Name: Nicolás Jaramillo Valdés
Physical Address: 247 Water Street, of 306. Brooklyn 11201
Email address for contact: [email protected]
Right to lodge a complaint with a relevant supervisory authority
If we have not responded to you within a reasonable time or if you feel that your complaint has not been resolved to your satisfaction, you are entitled to make a complaint to the Data Protection Commissioner under the Data Protection Act in your country. You also have the right to lodge a complaint with the supervisory authority in the country of your habitual residence, place of work, or the place where you allege an infringement of one or more of our rights has taken place, if that is based in the EEA.