DESMO LABS

Privacy Policy

Last Updated: March 2023

Your personal data is of utmost importance to Desmo Labs SAS and its subsidiaries and branches (hereinafter referred to as “we”, “us”, “our” or “the Company”). We respect and protect the personal data and privacy of users (hereinafter referred to as “you”) registered or using the D/Bond and D/Wallet (hereinafter referred to as the “Platforms”).

The Privacy Policy constitutes a legally binding agreement between you and the Company. If you do not wish us to use your personal data in accordance with the Privacy Policy, please do not provide us with your personal data. However, please note that in such case, you may not be able to access certain services on the Platforms. By checking the Privacy Policy on the login interface, you acknowledge that you have read, understood, and agreed to be bound by the Privacy Policy. You also agree to assume the rights, obligations, consequences, and liabilities arising from it.

We highly value your privacy and the security of your personal data. We are honored that you choose to use our Platform for cryptocurrency, fiat currency, and other data product transactions, as well as for functionalities like identity verification using certificate information. We are committed to ensuring that you can use our website, products, and services, as well as engage in any other business transactions, with peace of mind.

In order to address your concerns, we would like to provide you with clear information regarding the types of personal data we collect, the purposes and uses of such data, the third parties with whom we may share the data, the specific protective measures we have implemented to safeguard your personal data, the rights you possess in relation to the aforementioned situations, and the party you can contact for assistance in resolving data protection issues.

Regarding the terms used in the Privacy Policy, such as “Data Processor” or “Data Controller”, we have adopted the definitions provided by the General Data Protection Regulation (hereinafter referred to as the “GDPR”).

Summary of this Privacy Policy:

Objective: Our objective is to restore data ownership and control to users while simplifying their cryptocurrency experience and enhancing the reliability and convenience of data product transactions. If you do not wish us to collect, use, or disclose your personal data according to the privacy policy, or if you are under the age of 16, please refrain from accessing our services.

Data Collection and Usage: We collect and use your data in order to provide and improve our services, protect the security and integrity of the Platform, and fulfill legal obligations. For detailed information on the personal data collected and processed by the Platform, as well as the purposes of collecting and using personal data, please refer to Article 4 “Data Collected by the Platform” and Article 5 “Purposes of Collecting and Using Personal Data” of the Privacy Policy.

Third-Party Processing of Personal Data: For detailed information on how and why the Platform shares or grants third parties access to your personal data, please refer to Article 8 “Third-Party Processing of Personal Data” of the Privacy Policy.

Cross-Border Data Transfers: For detailed information on how and why the Platform transfers or grants access to your personal data to regions outside your country of residence, please refer to Article 9 “Cross-Border Data Transfers” of the Privacy Policy.

Data Subject Rights Protection: As a data subject of your personal data, you have certain rights under the GDPR regarding the personal data that we, as Data Controller or Data Processor, have access to and process. These rights include the right of access, right to rectification, right to erasure, right to restriction of processing, right to data portability, right to object, and right to withdraw consent. You can exercise the aforementioned rights through the platform’s interface or by contacting us through our support portal or sending an email to info@d-labs.org. For more information, please refer to Article 10 “Data Subject Rights Protection” of the Privacy Policy.

If you have any questions, please contact us through our support portal or by sending an email to info@d-labs.org. For further information, please refer to the contact details listed in Article 13 of the Privacy Policy.


The Content of the Privacy Policy

1. Applicability of this Privacy Policy

This Privacy Policy applies to all services and products related to our Platforms, websites, and App provided by Desmo Labs SAS, its subsidiaries, and branches, as the technology provider offering blockchain technology services, data products, identity verification, and over-the-counter trading aggregation platforms.

2. Prohibition of Minors Under the Age of 16 Using Our Products and Services

Our products and services are not intended for children. If you are under 16 years of age, please do not use or register on the Platform, and do not provide us with any personal data. If you have reason to believe that a child under the age of 16 has provided personal data to us through the Platform, please contact us promptly. Upon verifying the identity data, we will delete the personal data of the child from our Platform.

We encourage parents or legal guardians to monitor their children’s use of the internet. We remind all parents and legal guardians who supervise and care for children to take necessary precautions to ensure that their children are not instructed to submit personal data on online platforms without parental or legal guardian consent.

3. Data Controllers and Data Processors

Our role may vary as Data Controllers or Data Processors of personal data depending on the specific circumstances involving personal data. Regarding the data processing activities related to digital signatures involving you and the feedback from third-party service providers regarding whether users comply with registration requirements, as well as the data processing activities we perform during the encryption and authentication processes for the data provided by you through the Platform, we act as data controllers, and we will comply with the obligations of Data Controllers as stipulated in the GDPR. After your personal information is authenticated by a third party, we will encrypt the personal data provided by you and generate a personal data document stored on your local device. We do not possess, control, or determine such personal data. Such personal data will be processed solely based on your instructions, and you have the autonomy to decide on data sharing and other data processing activities. In this case, as a user providing personal data, you should be considered the Data Controller and authorize us to process such personal data in accordance with the predefined service functionalities and purposes of the Platform.

4. Personal Data Collected by the Platform

In order for you to use our platform or to fulfill legal obligations, the Platform may (but not necessarily) need to collect and use the following personal data. The scope of personal data you provide will vary based on the voluntary submission of authentication certificate or other relevant information:

(1) Personal Data You Provide to the D/Wallet

TYPE: SPECIFIC DESCRIPTION

Wallet Data: When you register and connect your wallet account to our website/App, we collect your wallet address and data related to the integrations you choose.

Transaction Data: Data related to the transactions you perform on our website/App, such as sender’s name, recipient’s name, amount, currency preference, payment method, date, etc.

Blockchain Data: We may analyze public blockchain data, including timestamps of transactions or events, transaction IDs, digital signatures, transaction amounts, and wallet addresses, which may involve your personal data.

(2) Automatically Collected or Generated Personal Data

TYPE: SPECIFIC DESCRIPTION

App, Browser, and Device Data: Data related to the device, operating system, and browser you are using, as well as other device features or identifiers (such as plugins, connected networks), and IP address.

Digital Signatures, Public Key, Private Key:
  Digital Signatures: You can use your own private key to encrypt the data you want to send and generate a digital signature. This digital signature is unique and has characteristics that can be verified by a public key paired with the private key you hold.
  Public Key: The public key is a set of digital strings generated from a key pair consisting of a public key and a private key. The public key is part of asymmetric encryption algorithms used for encrypting data and verifying digital signatures.
  Private Key: A private key is a crucial component of asymmetric encryption algorithms, which, when paired with a public key, forms a key pair. The private key is a confidential string that only you should know.

Product Usage Data:
  Activity Data: Data pertaining to the content you view or click on when accessing our website and App, as well as how you utilize our services.
  Diagnostic and Troubleshooting Data: Data regarding how our services perform during your usage, including diagnostic and performance-related data associated with the services. This data may include timestamps, crash data, website performance logs, and error messages or reports.

Data From Cookies and Similar Technologies: For more detailed information, please refer to our cookie policy.

(3) Personal Data Obtained from Third Parties

TYPE: SPECIFIC DESCRIPTION

Customer Basic Data (collected by the third-party KYC company): First name, family name, ID, date of birth, address, sex, nationality, email, etc.

Electronic Identification (EIDV) (collected by the third-party KYC company): Biometric information generated based on the photos or videos you provide for the purpose of identity verification.

Certificate Data (collected by the third-party KYC company): Certificate (e.g., passport or other identification documents) number, certificate type, issuer, issued date, expiration date, etc.

Data on Whether Users Meet Platform Registration Requirements: Third-party service providers analyze users’ personal data (KYC) and provide feedback to us on whether the user meets the Platform’s registration requirements.

Unless specifically required by law in specific circumstances, we do not require you to provide us with any additional personal data or special categories of personal data. If you voluntarily provide us with any additional personal data or special categories of personal data through the Platform, it signifies your explicit consent for us to collect and process such information in accordance with the Privacy Policy.

5. Purposes of Collecting and Using Personal Data

We always process your personal data based on the legal grounds provided by the GDPR (such as Article 6 and Article 7). We may collect and process your personal data for the following purposes:

(1) Providing you with encryption and authentication services, creating and maintaining your digital signatures, public keys, and private keys, and related personal data.

(2) Verifying compliance with registration requirements.

(3) Hosting and maintaining your digital wallets, including your electronic currency wallets and digital currency wallets.

(4) Providing investment, payment, asset listing, and account management services to you, investors, and institutions.

(5) Processing your personal data as a Data Processor in accordance with your instructions to fulfill system functionalities.

(6) Sending you notifications related to the management and accounts of our services, including security updates and transaction-related data.

(7) Investigating suspicious activities, detecting, preventing, and combating illegal behavior, detecting fraudulent activities, and maintaining the security of our services.

6. Storage of Personal Data

(1) For the purposes of data integrity verification and data subject identity verification, we will store the digital signatures generated by encryption algorithms on AWS cloud services located in France, as well as the results of user compliance with registration conditions provided by the third party. Unless required or permitted by law, regulations, or regulatory requirements to store data for a longer period, we will only retain the aforementioned data for the necessary duration to fulfill the purposes described in this Privacy Policy. Once we no longer need the aforementioned data, we will immediately delete it or render it anonymous.
(2) After performing comparison verification and encryption on your personal data, the Platform will generate a document regarding the personal data on your personal device. Through the adoption of specific technologies such as blockchain, the aforementioned personal data will be stored on your local device. We do not store such personal data. If you wish to delete the personal data stored on your local device, you can click “Revoke” in the Platform’s MY SOURCE.ID interface to delete the information stored on your local device.

7. Legal Basis for Collection and Usage of Personal Data

All processing carried out by the Platform is performed in compliance with applicable data protection regulations. If you have provided your consent for the Platform to process your personal data, the processing will be conducted in accordance with the purposes and scope specified in the Privacy Policy and the consent statement. You have the right to withdraw your consent at any time without providing any reasons. However, please note that the withdrawal of consent does not affect the lawfulness of processing based on consent prior to its withdrawal.

8. Third-Party Processing of Personal Data

(1) When you first register on the Platform, you will directly provide your personal data to the third-party service provider TOGGLE LIMITED, through their platform. For specific information on the data processing methods and contact details of the third party, please refer to the privacy policy of the third-party service provider. After analyzing the user’s personal data, the third-party service provider will provide us with feedback on whether the user meets the Platform’s registration requirements and transmit encrypted information.
(2) Once you receive the Platform’s authenticated personal data, you can share your personal data with third parties of your choice or authorize third parties to access your personal data for purposes and objectives determined by your own decisions, such as sharing personal identification information, identity verification, conducting transactions using data products, bond transfers, and redemptions.

If the Platform intends to share or authorize access to your personal data with third parties for purposes other than those mentioned above, we will obtain your consent in advance, and you can choose to refuse the provision of your personal data to third parties.

9. Cross-Border Data Transfers

The Platform generally processes your personal data within the European Union and the European Economic Area. However, the Platform may also process your personal data in countries/regions outside your home country but within the European Union or the European Economic Area. Additionally, once you receive the Platform’s authenticated personal data, you have the right to authorize third parties located outside the European Union or the European Economic Area to access your personal data. In such cases, where third parties outside the European Union or the European Economic Area may access your personal data, as the data controller, you need to adopt appropriate data transfer mechanisms in accordance with the relevant provisions of the GDPR.

10. Data Subject Rights Protection

Depending on your place of residence and specific Platform usage scenarios, you have the following rights regarding your personal data:

(1) Right of Access: You can access your personal data through the Platform’s interfaces such as CREDENTIALS and MY SOURCE.ID. You also have the right to request confirmation of whether we are processing personal data related to you and to receive a copy of the personal data being processed, provided that we, as the Data Controller or Data Processor, have access to and are processing your personal data.
(2) Right of Rectification: You can request us to correct inaccurate data and provide supplementary data for incomplete records, provided that we, as the data controller or processor, have access to and can rectify your personal data.
(3) Right to Erasure: You can request the deletion of your personal data stored by us at any time (except in cases where exceptions apply, such as when we need to retain the data to comply with legal obligations imposed by EU member states), provided that we, as the Data Controller or Data Processor, have access to and can delete your personal data, and the exercise of the right to erasure is technically feasible and does not adversely affect the rights and freedoms of others.
(4) Right to restriction of processing: You have the right to request us to restrict the processing of your personal data in the following circumstances: (a) you contest the accuracy of the personal data; (b) the processing of your personal data is unlawful, but you oppose the erasure of your personal data and request the restriction of its use; (c) we no longer need to process your personal data, but you need it to establish, exercise, or defend your legal claims.
(5) Right to Data Portability: You have the right to receive your personal data that you have provided to us in a structured, commonly used, and machine-readable format, and you have the right to transmit this data to another data controller designated by you, provided that we, as the Data Controller or Data Processor, have access to and can process your personal data, and the exercise of the right to data portability is technically feasible and does not adversely affect the rights and freedoms of others.
(6) Right to object: If processing is based on our legitimate interests, you have the right to object to the processing of your personal data at any time on grounds relating to your particular situation. We will cease processing your data for such purposes unless we can demonstrate compelling legitimate grounds that override your interests, rights, and freedoms, or unless the processing is necessary for the establishment, exercise, or defense of legal claims. For personal data processed for direct marketing purposes (if applicable), you can object at any time by contacting us using the contact details listed in Article 13 of the Privacy Policy. Your objection does not affect the lawfulness of processing your personal data based on legitimate interests before you withdrew your consent.
(7) Right to withdraw consent: You have the right to withdraw your consent to us processing your personal data at any time, provided that we, as the data controller or processor, have access to and can process your personal data. Unless otherwise required or technically infeasible, we will cease processing your personal data upon withdrawal. The withdrawal does not affect the lawfulness of processing your personal data based on consent before its withdrawal, nor does it affect the processing of data under your control. You can also withdraw your consent by accessing the “Security & Privacy” interface on the platform.

To exercise the aforementioned rights, you can contact us by sending an email to info@d-labs.org. Please note that for such requests, we may require you to provide additional identity data to ensure effective verification of your identity. Unless we are able to verify your identity or confirm your authority to make such requests, as well as establish the relevance of the personal data to you, we will be unable to respond to your request or provide you with personal data.

Please note that upon receiving the platform-authenticated personal data from us, as we do not have access to your personal data, you will act as the data controller for any subsequent data processing activities. To exercise your rights as a data subject, such as the right to access and rectify, you will need to access and copy the data through the platform. For rights such as the right to erasure, objection, or withdrawal of consent, you may need to uninstall any browser plugins installed and clear relevant data, adjust device settings, or take other appropriate measures. We will make every effort to protect the security of your personal data.

11. Protection Measures for Personal Data

Data security is of utmost importance to us, and we are committed to protecting the data we collect. We employ comprehensive administrative, technical, and physical measures to safeguard your personal data from accidental, unlawful, or unauthorized destruction, loss, alteration, access, disclosure, or use.

For instance, we implement technical and organizational measures including, but not limited to, the following:

(1) Encryption of websites transmitting personal data using SSL.
(2) Pseudonymization and anonymization of personal data.
(3) Ensuring the confidentiality, integrity, availability, and resilience of our systems and services.
(4) Regular reviews, assessments, and organizational measures to ensure the security of processing.
(5) Internal IT security training.
(6) Incident response management.

If we become aware of any compromise to the security of the platform or the unauthorized disclosure of users’ personal data due to external activities, including but not limited to security attacks or fraud, we reserve the right to take appropriate measures, including investigation and reporting. In the event of a data breach, if we determine that the breach poses a risk of harm to users, we will make reasonable efforts to notify affected individuals in accordance with legal requirements.

12. Privacy Policy Updates

We are committed to maintaining up-to-date data protection principles. To achieve this, we conduct regular reviews and updates of the Privacy Policy to ensure that our processing practices are accurately and clearly reflected on the Platform. We will update the Privacy Policy as necessary, and if we make significant changes to the policy, we will notify you after you log into the Platform and provide you with the updated version of the Privacy Policy.

13. Contact Us

If you have any questions regarding the Privacy Policy, or if you wish to file a complaint or provide any suggestions, please contact us via email at info@d-labs.org.