What Do We Do With Your Information?
This policy (the Policy) outlines how we collect, use, store and disclose your personal data. Please take a moment to read about how we collect, use and/or disclose your personal data so that you know and understand the purposes for which we may collect, use and/or disclose your personal data. By accessing the website at https://drisk.io/ (the Website) and the mobile application at https://drisk.io/dl. dRisk, you agree and consent to dRisk (the Company), its related corporations, business units and affiliates, as well as their respective representatives and/or agents (collectively referred to herein as dRisk, us, we or our), to, collect, use, disclose and share amongst themselves the personal data/information and to disclose such personal data/information to relevant third-party providers. This policy supplements but does not supersede nor replace any other consent which you may have previously provided to us nor does it affect any rights that we may have at law in connection with the collection, use and/or disclosure of your personal data.
The security of your personal data is important to us. At each stage of data collection, use and disclosure, dRisk has in place physical, electronic, administrative and procedural safeguards to protect the personal data stored with us. However, do note that no transmission of personal data over the internet can be guaranteed to be 100% secure – accordingly and despite our efforts, dRisk cannot guarantee or warrant the security of any information you transmit to us, or to or from our online services. dRisk shall not have any responsibility or liability for the security of information transmitted via the internet
By using the Service, you agree to the collection and usage of information in accordance with this Privacy Policy.
Definitions
“Cookies” means small pieces of data stored on your device.
“Device” means any device that can access the services.
“Person” means an individual, association, partnership, corporation, company, future proposed company, other corporate body, trust, estate, and any form of organisation, group, or entity (whether or not having separate legal personality).
“Personal Data” means data about a living individual who can be identified from those data (or from those and other information either in our possession or likely to come into our possession)
“Usage Data” means the data collected automatically, either generated by the use of the Services or from the services infrastructure itself.
“Usage Data” means the data collected automatically, either generated by the use of the Services or from the services infrastructure itself.
“Users” means any person who is the ultimate user of the services.
What personal data Is collected by dRisk?
“Personal data” means data, whether true or not, about an individual who can be identified (i) from that data, or (ii) from that data and other information to which the organisation has or is likely to have access. Some examples of personal data that the company may collect are:
- personal particulars (e.g., name, contact details, residential address, date of birth, identity card/passport details, and other information);
- information about your use of our services and the website;
- usernames and password, third party account credentials (such as your login credentials, Google login credentials) and IP address;
- personal opinions made known to us (e.g., feedback or responses to surveys)
Personal data may be collected when you interact with our services or use the website, or may be received by the company from third-party databases or service providers that provide business information.
Third-Party Service Providers and Partners. We may engage with any third party service providers and partners to provide us with the information, and we also use publicly available sources, to supplement our user account information to help improve personalization of our services.
personal data and the blockchain
Blockchain technology, also known as distributed ledger technology (DLT), is at the core of our business. Blockchains are decentralised and made up of digitally recorded data in a chain of packages called "blocks". The manner in which these blocks are linked is chronological, meaning that the data is very difficult to alter once recorded. Since the ledger may be distributed all over the world (across several "nodes" which usually replicate the ledger) this means there is no single person making decisions or otherwise administering the system (such as an operator of a cloud computing system), and that there is no centralised place where it is located either.
Accordingly, by design, a blockchain’s data cannot be changed or deleted and is said to be "immutable". This may affect your ability to exercise your rights such as your right to erasure ("right to be forgotten"), or your rights to object or restrict processing of your personal data. Data on the blockchain cannot be erased and cannot be changed. Although smart contracts may be used to revoke certain access rights, and some content may be made invisible to others, it is not deleted.
In certain circumstances, in order to comply with our contractual obligations to you (such as delivery of tokens or provision of other services) it will be necessary to collect certain personal data, such as your wallet address, onto the blockchain; this is done through a smart contract and requires you to execute such transactions using your wallet’s private key. The ultimate decision to (a) transact on the blockchain using your wallet address, as well as (b) share the public key relating to your wallet address with anyone (including us) rests with you. If you want to ensure your privacy rights are not affected in any way, you should not transact on blockchains as certain rights may not be fully available or exercisable by you or us due to the technological infrastructure of the blockchain. In particular the blockchain is available to the public and any personal data shared on the blockchain will become publicly available.
Purpose For Collection, Use And Disclosure Of Your Personal Data
When you sign up on the dRisk website or mobile app, we collect the Personal Information (“Personal Information”). With your permission, we may send you emails about our store, new products and other updates.
Developing and providing facilities, products or services (whether made available by us or through us), including but not limited to:
- acting as intermediaries through any blockchain, network or platform developed or managed by us;
- recording and/or encryption on any blockchain, network or platform developed or managed by us;
- promoting advertisements or marketing material, whether from us or third parties;
- various products and/or services (whether digital or not, and whether provided through an external service provider or otherwise);
- making payments for participation in any blockchain, network or platform developed or managed by us (as applicable);
- carrying out research, planning and statistical analysis;
- trouble-shooting, technical maintenance and bug fixes; and/or
- analytics for the purposes of developing or improving our products, services, security, service quality, staff training, and advertising strategies;
Your information in relation to your usage of services through your device such as your IP address, the type of device you use to access our platform, device information, browser type, information about your browser, date and time you visit our platform, volume of data transmitted and network operator. This information will either be directly obtained by platform or through third party service providers.
We would collect analytics for the purposes of developing or improving our services, security, service quality, and advertising strategies.
We ensure that our interface and/or platform is seamlessly accessible for all users around the world, except users in the prohibited jurisdictions.
Responding to queries or feedback
Addressing or investigating any complaints, claims or disputes.
Verifying your identity for the purposes of providing facilities, products or services, which would require comparison of your personal information against third party databases and/or provision of such information to third party service providers.
Conducting credit checks, screenings or due diligence checks as may be required under applicable laws, rules, regulations or directives.
Complying with all applicable laws, regulations, rules, directives, orders, instructions and requests from any local or foreign authorities, including regulatory, governmental, tax and law enforcement authorities or other authorities.
Monitoring services provided by or made available through us on the platform.
We may also use personal data for purposes set out in the terms and conditions that governs our relationship with you.
How We Use Personal Information
We utilise your personal data through the services in the following ways as required:
For providing the services: We use personal information to operate, maintain, and provide features of the services.
For communicating with you: We use personal information to contact you for administrative and informational purposes, such as to respond to your inquiries, or to invite you to join the services.
For understanding and improving the services: We use personal information to understand and analyse the usage trends and preferences of our users in order to improve the services, and to develop new products, services, features, and functionalities.
For compliance with regulations: We use personal information to comply with financial regulations, including verifying your identity by comparing the personal information you provide against third-party databases and public records. We may use the information we collect to investigate or address claims or disputes relating to use of our services, or as otherwise allowed by applicable laws or as requested by regulators, government entities, and official inquiries.
For safety and security: We may use your information to help maintain the safety, security and integrity of you and our services, including to protect, investigate and deter against fraudulent, unauthorised, or illegal activities; monitor and verify identity or service access, and security risks; perform internal operations necessary to provide our services, including to troubleshoot software bugs and operational problems; and enforce our agreements with third parties, and address violations of our terms of use or agreements for other Services.
Other business purposes: We use personal information for compliance, risk management, and other business purposes, such as for applicable laws and regulations, fraud monitoring, and prevention.
Use Of Personal Data For Marketing Purposes
We may use your personal data for marketing messages and send to you in various modes including but not limited to electronic mail, direct mailers, short message service, facsimile and other mobile messaging services. In doing so, we will comply with all applicable data protection and privacy laws.
In respect of sending telemarketing messages to your telephone number via short message service, facsimile and other mobile messaging services, please be assured that we shall only do so if we have your clear and unambiguous consent.
For marketing and advertising the project the company and its subsidiary venture, shall be on board to co-ordinate the productions and preparation of all advertising, promotional and general publicity materials including artwork, photography, brochures, videos and printing and arrangement for the display, publications, transmission or telecast of the said advertising, promotional and publicity materials in various advertising media.
You may at any time request that we stop contacting you for marketing purposes via selected or all modes. To find out more on how you can change the way we use your personal data for marketing purposes, please contact us on the email id as mentioned below. Nothing in this section shall vary or supersede the terms and conditions that govern our relationship with you.
Disclosure And Sharing Of Personal Data
We may from time to time and in compliance with all applicable laws on data privacy, disclose your personal data to any personnel of dRisk, group entities, or to third parties (including without limitation banks, financial institutions, credit card companies, credit bureaus and their respective service providers, companies providing services relating to insurance and/or reinsurance to us, and associations of insurance companies, agents, contractors or third party service providers who provide services to us such as telecommunications, information technology, payment, data processing, storage and archival, and our professional advisers such as our auditors and lawyers, and regulators and authorities), located in any jurisdiction, in order to carry out the purposes set out above.
Please be assured that when we disclose your personal data to such parties, we will disclose only the personal information that is necessary to deliver the service required, and will also require them to ensure that any personal data disclosed to them are kept confidential and secure.
We wish to emphasise that dRisk does not sell personal data to any third parties and we shall remain fully compliant of any duty or obligation of confidentiality imposed on us under the applicable agreement(s) and/or terms and conditions that govern our relationship with you or our customer or any applicable law.
You are responsible for ensuring that the personal data you provide to us is accurate, complete, and not misleading and that such personal data is kept up to date. You acknowledge that failure on your part to do so may result in our inability to provide you with the products and services you have requested. To update your personal data, please contact us.
We may transfer, store, process and/or deal with your personal data in any jurisdiction, and accordingly such personal data may be transferred to computers, servers or hardware located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ from those in your jurisdiction. dRisk will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Policy and no transfer of your personal data will take place to an organisation or a country unless there are adequate controls in place including the security of your data and other personal information.
Your consent to this Policy followed by your submission of such information represents your agreement to the transfer of personal data as described herein.
Tracking Cookies Data
When you access our website and the app, we, or companies we hire to track how our website is used, may place small data files called cookies on your computer or other device. For example, we send a "session cookie" to your computer any time you log in to your account. This type of cookie helps us to recognize you if you visit multiple pages on our site during the same session, so that we don't need to ask you for your password on each page. We use these technologies to recognize you as a user, customize content and advertising, measure promotional effectiveness, and collect information about your computer or other access devices to mitigate risk, help prevent fraud, and promote trust and safety.
You may set up your web browser to block cookies from monitoring your website visit. You may also remove cookies stored from your computer or mobile device. However, if you do block cookies, you may not be able to use certain features and functions of our website and the app.
Types of cookies we use: Some of the cookies we use are first-party cookies, which are created by us to help make dRisk work properly and analyse usage. We also allow certain third-party providers to place third-party cookies to enable third-party features or functionalities or to assist us with our analytics and advertising activities.
- Strictly necessary cookies: These cookies are strictly necessary to provide you with certain features. For example, these cookies allow you to access secure areas that require registration and set your privacy preferences. Because these cookies are essential to providing services to you, they cannot be disabled.
- Performance Cookies: (also commonly known as Analytics Cookies): These cookies allow us or our third-party analytics providers to collect information and statistics on use of our services by you and other visitors. This information helps us to improve our services and products for the benefit of you and others.
- Functionality Cookies: These cookies provide enhanced functionality, providing chat support, allowing you to more easily complete forms, personalising content to your preferences, and selecting your communications preferences. If you do not enable these cookies, or choose to disable them in the future, that could impact your ability to use certain features.
- Targeting Cookies: These cookies, provided by our third-party advertising partners, collect information about your browsing habits, as well as your preferences for various features and services. They also provide us with auditing, research, and reporting to know when advertising content has been displayed and how successful the content has been. This information allows us and our third-party advertising providers to display relevant advertising content.
- Social media cookies: These cookies are used when information is shared through a social media sharing button (such as a “like” button), or when you link your account or engage with our content on or through a social networking site.
your rights
This Privacy Policy grants you certain rights with respect to your personal data as set out below:
Right to Consent: By using our Services and/or on providing your personal data, you agree to allow us to collect, hold, use, and disclose such data in accordance with this privacy policy. You have the right not to consent/provide us any such data, however, if you do so, we may not be able to provide you with the services, or the products and/or services offered through the Platform.
Access: You have the right to request details of your personal data from us.
Data Erasure: You can request for deletion of your personal data. However, if such data is required for the provision of the services, you may be required to delete your profile and/or may not be able to use our services.
Correction: If you believe any personal data held by us is inaccurate, obsolete/outdated, incomplete, irrelevant, or misleading, please contact us to correct such information, or update the same via your account, if allowed.
Concerns and Queries: If you have any concerns and queries on how we process, handle, and keep your personal data, please contact us with full details of your concerns and queries. We will take appropriate steps to address them.
Unsubscribe: To unsubscribe from our e-mail or to opt-out of any communications, please contact us at the address provided in this privacy policy or where available, use opt-out option.
Additional Rights
General Data Protection Regulation (GDPR) Data Protection Rights
The company invites you to be fully aware of all your personal data protection rights if you are a resident where the GDPR is applicable. Every such consumer is entitled to the following:
- The right to access - the consumer has the right to request copies of your personal data. The company may charge additional costs for the same.
- The right to rectification - the consumer has the right to request that we correct any information you believe is inaccurate. the consumer additionally has the right to request that we complete the information the consumer believes is incomplete.
- The right to erasure - The consumer has the right to request that the company erases your personal data, under certain circumstances.
- The right to restrict processing - The consumer has the right to request that the company restricts the processing of your personal data, under certain circumstances.
- The right to object to processing - The consumer has the right to object to the company’s processing of your personal data, under certain circumstances.
- The right to data portability - The consumer has the right to request that the company transfers the data that the company has collected to another company/ organisation, or directly to you, under certain circumstances.
If the GDPR is applicable to you, you may make a request, and the Company will endeavour to respond to you within the timeline as per applicable law.
Data Processing Agreements
- Under the GDPR, “data controllers” (i.e. entities that determine the purposes and means of processing data) are required to enter into agreements with other entities that process data on their behalf (called “data processors”). dRisk offers its customers who are controllers of EU personal data. This includes dRisk’s commitment to process personal data consistent with the instructions of the data controller.
- Privacy Documentation
At its core, the GDPR is focused on transparency, fairness, and accountability. Accordingly, the law requires organizations to maintain documentation about their privacy practices and their decisions about how they handle individuals’ personal data. dRisk shares the GDPR’s commitment to these principles and has included within its ongoing GDPR compliance program documentation about its data collection and processing activities, and the various policies and guidelines it follows pursuant to the GDPR. You can learn more about how dRisk collects, uses, and discloses personal data by visiting dRisk’s Privacy Policy. - Data Security
The GDPR requires organisations to use appropriate technical and organisational measures to protect the security, confidentiality, and integrity of personal data. This means that an independent third party has both validated our processes and practices with respect to these three trust services criteria and confirmed our ability to maintain compliance with the controls we have implemented. We have likewise implemented a variety of safeguards to protect the security of our platform, including encrypting web connections to protect data transmissions, replicating our databases to support reliability of the platform, and controlling access to our facilities and office network. dRisk also offers customers the ability to use additional security controls to further enhance the security of their teams’ data.
data retention
Your personal data is retained as long as the purpose for which it was collected remains and until it is no longer necessary for any legal or business purposes. This enables us to comply with legal and regulatory requirements or use it where we need to for our legitimate purposes, such as transfers of digital assets, and dealing with any disputes or concerns that may arise.
We may need to retain information for a longer period where we need the information to comply with regulatory or legal requirements or where we may need it for our legitimate purposes (e.g., to help us respond to queries or complaints, fighting fraud and financial crime, responding to requests from regulators etc).
When we no longer need to use personal data, we will remove it from our systems and records and/or take steps to anonymise it so that you can no longer be identified from it.
Queries, Access/Correction Requests And Withdrawal Of Consent
If you:
- have queries about our data protection processes and practices;
- wish to request access to and/or make corrections to your personal data in our possession or under our control; or
- wish to withdraw your consent to our collection, use or disclosure of your personal data,
please submit a written request (with supporting documents, (if any) to our Compliance Officer at: support@drisk.io Our Compliance Officer shall endeavour to respond to you within 30 days of your submission. Please note that if you withdraw your consent to any or all use or disclosure of your personal data, depending on the nature of your request, we may not be in a position to continue to provide our services or products to you or administer any contractual relationship in place. Such withdrawal may also result in the termination of any agreement you may have with us. Our legal rights and remedies are expressly reserved in such an event.
We may charge you a fee for processing your request for access. Such a fee depends on the nature and complexity of your access request. Information on the processing fee will be made available to you.
Data Security
Without prejudice to the inherent risk of sharing and accessing data over the internet, we will use appropriate security measures (organisational and technical) to prevent your personal data from being accidentally lost, used, damaged, or accessed in an unauthorised or unlawful manner, altered, or disclosed. In addition, we will allow access to your personal data only to those employees, agents, contractors and other third parties who have a legitimate business need to know and are subject to a duty of confidentiality. Despite the fact that we have implemented appropriate security measures, we cannot guarantee that your personal data collected will not be shared/disclosed in a way that is inconsistent with this Privacy Policy.
Amendments And Updates To Our Privacy Policy
We reserve the right to update this privacy policy at any time and at our sole discretion. Any changes to or modifications of this privacy policy shall be in effect as of the “last updated date” referred to at the bottom of this page. We encourage you to periodically review this privacy policy. If you do not agree, either partially or wholly with the revised privacy policy, you should discontinue accessing or using our services. Your continued access to and use of our services after any changes to this privacy policy constitutes your consent to any changes and your agreement to continue using the services.
Acceptance Of The Privacy Policy
This Policy applies in conjunction with any other notices, contractual clauses and consent clauses that apply in relation to the collection, use and disclosure of your personal data by us. We may revise this Policy from time to time without any prior notice. You may determine if any such revision has taken place by referring to the date on which this Policy was last updated.
By using the website and/or any services provided by dRisk, you signify your acceptance of this Policy and terms of service. If you do not agree to this Policy or terms of service, please do not use the App or any services provided by dRisk. Your continued use of the website following the posting of changes to this Policy will be deemed your acceptance of those changes.
minor
As provided in our T&C’s, our services are not intended for anyone under the age of 18 or minor under the law of the country where the services are accessed (“Minor”). We do not intend to or knowingly collect any personal data related to a minor. If you believe that personal data of any minor has been collected or provided to us, please contact us.