Privacy policy
Last updated: April 18, 2024
1. Data We Collect from You
1.1 Personal Data
"Personal data" means any information relating to an identified individual. This may include, but is not limited to, names, email addresses, phone numbers, physical addresses and other data that can be used alone or in combination with other information to identify a person. Defining "personal data" in a privacy policy is crucial to inform users about what data is collected, how it is used and how it is protected.
1.2. How and what kind of data do we collect from you when you use Umay Protocol?
We may collect, use, store and transfer different types of personal data about you as follows:
- Your email address;
- Your Device Data, such as browser or operating system;
- Marketing and Communication of Data;
- Time spent on Umay Protocol and time spent on certain sections;
- Location data;
- Download Errors;
We collect, use and share Aggregated Data, such as statistical or demographic data, for any purpose. Aggregate Data may be derived from your personal data but is not considered personal data by law because it does not directly or indirectly reveal your identity. For example, we may collect Usage Data to calculate the percentage of users accessing a particular Umay Protocol feature. However, if we combine or link Aggregated Data in a way that can directly or indirectly identify you with your personal data, we will treat the combined data as personal data to be used in accordance with this privacy policy.
We do not collect any Special Category Personal Data about you (this includes details about your race or ethnic origin, religious or philosophical beliefs, sex life, sexual orientation, political opinions, trade union membership, information about your health and genetic and biometric data). We also do not collect any information about criminal convictions and offenses.
1.3.How is your personal data collected?
We will collect and process the following data about you:
- Information you provide to us. This is information you agree to give us about you by filling in forms on the Umay Protocol Site and Service Sites (together with our Sites) or by contacting us (for example, by email or chat). It includes information you provide when you register or register to use the Umay Protocol Site, when you seek a Service, and when you report a Umay Protocol related problem. , any of our Services or Sites. If you contact us, we will keep a record of that correspondence.
- Information we collect about you and your device. Each time you visit one of our Sites or use Umay Protocol, we will automatically collect personal data, including Device, Content and Usage Data. We collect this data using cookies and other similar technologies.
1.4. Sharing your personal data
We will only use your personal data where we are permitted to do so by law. We will most commonly use your personal data in the following situations:
- Where you have given your consent prior to processing.
- Where we need to fulfill a contract we are about to enter into or have entered into with you.
- Where it is necessary for our (or a third party's) legitimate interests and your interests and fundamental rights do not override those interests.
- Where we need to comply with a legal or regulatory obligation
If we have your consent, we will send you direct marketing communications by email or text. You have the right to withdraw this consent at any time by contacting us. We will obtain your express consent before sharing your personal data with any third party for marketing purposes.
2. Third parties
We have no control over third party websites or platforms and they are not subject to this Privacy Policy. If you visit third party sites through links we provide, the operators of those sites may collect information from you according to their own privacy policies. Please review their privacy policies before providing any personal data to these websites. We do not accept any responsibility or liability for these policies or for any personal data, such as Contact and Location Data, that may be collected through these websites or services.
3. Your duty to inform us about changes and amendments to the privacy policy
We regularly review our privacy policy. This version was last updated on [18.04.2024]. It may change and, if it does, these changes will be posted on Clave's website and, where appropriate, notified to you by email. The new policy may be displayed on screen and you may need to read and accept the changes in order to continue using Umay Protocol or the Services.
It is important that the personal data we hold about you is accurate and up to date. Please let us know if your personal data changes during the course of our relationship with you.
4. Data storage
We are required by law to retain basic information about our customers for six years after they cease to be our customers. In some cases we will anonymize your personal data for research or statistical purposes (so that it can no longer be associated with you), in which case we may use this information indefinitely without further notice to you.
5. Data Security
All information you provide to us is stored on our secure servers. When you choose a password that gives you access to Umay Protocol, it is your responsibility to keep this password confidential. We ask that you do not share your password with anyone.
Once we receive your information, we will use strict procedures and security features to prevent accidental loss, use or unauthorized access to your personal data.
We have established procedures to deal with any suspected personal data breach and will notify you and relevant regulators if we are legally required to do so.
5. Data Security
All information you provide to us is stored on our secure servers. When you choose a password that gives you access to Umay Protocol, it is your responsibility to keep this password confidential. We ask that you do not share your password with anyone.
Once we receive your information, we will use strict procedures and security features to prevent accidental loss, use or unauthorized access to your personal data.
We have established procedures to deal with any suspected personal data breach and will notify you and relevant regulators if we are legally required to do so.
6. Your legal rights
As a data subject, you have various rights in relation to your personal data. Please see your legal rights below:
- Request access to your personal data (commonly known as a "data subject access request"). This enables you to receive a copy of the personal data we hold about you and to check that we are lawfully processing it.
- Request rectification of the personal data we hold about you. This enables incomplete or inaccurate data we hold about you to be corrected, but we may need to verify the accuracy of any new data you provide to us.
- Request erasure of your personal data. This allows you to ask us to delete or remove personal data when there is no good reason for us to continue processing it. You also have the right to ask us to erase or remove your personal data where you have successfully exercised your right to object to processing (see below), where we are processing your information unlawfully or where we need to erase your personal data to comply with local laws. Note, however, that for certain legal reasons, which will be communicated to you at the time of your request, we may not always be able to fulfill your erasure request.
- You have the right to object to the processing of your personal data where we rely on a legitimate interest (or the legitimate interest of a third party) and where there is something about your particular situation that makes you want to object to the processing on this ground, because you consider that it affects your fundamental rights and freedoms. You also have the right to object that we process your personal data for direct marketing purposes. In some cases, we may demonstrate that we have compelling legitimate grounds for processing your information that override your rights and freedoms.
This allows you to ask us to suspend the processing of your personal data in the following scenarios:
- (a) if you want us to determine the accuracy of the data;
(b) where our use of the data is unlawful but you do not want us to delete it;
(c) where you want us to retain the data even if we no longer need it, such as where you need it to establish, exercise or defend legal claims; or
(d) you have objected to our use of your data but we need to verify whether we have overriding legitimate grounds for using it.
- Request the transfer of your personal data to you or a third party. We will provide your personal data to you or a third party of your choice in a structured, commonly used, machine-readable format. Note that this right only applies to automated information that you have initially consented to us using or where we use the information to perform a contract with you.
- Where we rely on consent to process your personal data, you may withdraw consent at any time. However, this will not affect the lawfulness of any processing carried out before you withdraw your consent. If you withdraw your consent, we may not be able to provide you with certain products or services. We will let you know if this is the case when you withdraw your consent.
8. International Transfers
Our main external third party service provider for data storage and processing is Amazon Web Services (AWS). As a global company, AWS may transfer and store your personal data outside the United Kingdom as part of its cloud infrastructure services. We have implemented appropriate safeguards and contractual measures3 to ensure the security and protection of your personal data during international transfers in accordance with applicable data protection laws.
9. Glossary
Legal basis
Consent means the processing of your personal data where you have signed your contract with us with a declaration or where you have expressly opted in to the processing for a specific purpose. Consent will only be valid if it is a freely given, specific, informed and clear indication of what you want. You can withdraw your consent at any time by contacting us.
Legitimate Interest means the interest of our business in conducting and managing our business to ensure that we provide you with the best service/product and the best and safest experience. Before we process your personal data for our legitimate interests, we make sure that we consider and balance the potential impact on you (positive and negative) and your rights. We do not use your personal data for activities where our interests are overridden by the impact on you (unless we have your consent or are required or permitted to do so by law). You can find out more about how we assess our legitimate interests against the potential impact on you in relation to specific activities by contacting us.
Complying with a legal obligation means processing your personal data where it is necessary to comply with a legal obligation to which we are subject.
Description of categories of personal data
- Contact Data: e-mail address.
- Transaction Data: Includes details about payments made to and by you.
- Profile Data includes your email, transaction history, preferences, feedback and survey responses.
- Usage Data: includes details of your use of any of Umay or your visits to any of our Sites, including but not limited to traffic data and other communication data and the resources you access, whether necessary for our own billing purposes or otherwise. .
- Location Data: includes your current location as described by the relevant technology.
Contact us
E-mail: explore@umay.io