Privacy Policy
Thank you for visiting.
We are GM.co a Web3 platform built around an active and engaged community for whom we provide a smorgasbord of dedicated and purpose built Web3 tools.
This is the GM.co Platform privacy notice (Notice) and applies to our website, the homepage of which is GM.co (Website).
Please read this Notice carefully as it contains important information on who we are and how and why we collect, store, use and share your personal data. It also explains your rights in relation to your personal data and how to contact us or supervisory authorities in the event you have a complaint.
When we use personal data we adhere to the standards under the General Data Protection Regulation EU 2016/679 as it forms part of the laws of the United Kingdom by virtue of section 3 of the European Union (Withdrawal) Act 2018, including as further amended or modified by the laws of the United Kingdom or a part of the United Kingdom from time to time (UK GDPR) and the Data Protection Act 2018 (together, Data Protection Legislation). We are accountable as Controller of that personal data for the purposes of Data Protection legislation.
By using the Website, you (as a data subject) are agreeing to our collection, use, storage and disclosure of your data in accordance with this Notice. If you do not accept this Notice, you should not use our Website.
KEY TERMS
It would be helpful to start by explaining some key terms used in this Notice:
We, us, our
The e-commerce platform GM.co
Personal data
Any information relating to an identified or identifiable natural person.
PERSONAL DATA WE COLLECT
In the course of your interaction with us and your use of the Website, either as a consumer or as a supplier or merchant, we will collect from you the following personal data :
- If you contact us via our Website or join our mailing list, the email address which you provide when registering on our website, your name and your address; and
- If you create an account on our Website, your Crytpo wallet address, the email address which you provide when registering on our website, your name and your address.
This personal data is required to enable us to provide our services or to perform our contract with you. If we are not provided with the personal data we ask for, it may delay or prevent us from providing the services which you are requesting or performing our contractual obligations towards you.
Please note that where you contact us, we may keep a record of that correspondence.
NON-PERSONAL DATA WE COLLECT
We may collect statistical information about your visit to help us improve the Website. This information is aggregated and non-personally identifying. It includes:
- your IP address;
- the search terms you used;
- the pages you accessed on our Website and the links you clicked on;
- your operating system (e.g., Windows XP, Mac OSX);
- the type of web browser you use (e.g. Mozilla Firefox, Internet Explorer) and the version of browser software
- the date and time you visited the site;
- content of access (links browsed not the page content)
- access status (successful transmission/error)
- webpage accessed
- other incidental matters such as screen resolution, the release of your installed Flash version and the language setting of your browser.
The statistical information referred to above will be viewable by our site administrators and certain other Phantom Network staff.
In addition to the data collection, our website uses Cookies to distinguish you from other users of our Website. This helps us to provide you with a good experience when you browse our Website and also allows us to improve our Website. More detailed information about the Cookies we use and the purposes for which we use them can be found in our Cookie Policy.
HOW PERSONAL DATA IS COLLECTED
We collect your personal data directly when you interact with us via our Website, when you create an account on the Website and indirectly through the use of cookies and web beacons.
HOW AND WHY WE USE PERSONAL DATA
Under Data Protection legislation, we can only use personal data if we have a legal basis for doing so. These are mandated by the legislation and include:
- your consent;
- for the performance of our contract with you or to take steps before entering into a contract;
- to comply with our legal and regulatory obligations; or
- for our legitimate interests or those of a third party.
A legitimate interest is when we have a business or commercial reason to use personal data, so long as this is not overridden by the data subject’s own rights and freedoms.
The table below explains what we use (process) personal data for (our purpose) and our legal basis for doing so:
Our purpose
Our legal basis
To enable us to engage with our users and provide the services they require including taking payment and delivering updates/ marketing our services
For the performance of our contract with you or to take steps before entering into a contract with you and for our legitimate interest
To enable us to pay suppliers of other services
For the performance of our contract with you or to take steps before entering into a contract with you
Operational reasons, such as maintaining the operational effectiveness of our Website including account and usage ranking etc.
For our legitimate interests or those of a third party, e.g. to identify and remedy problems with our Website usage
Ensuring the confidentiality of personal data
For our legitimate interests or those of a third party, e.g. to prevent data breaches
To comply with our legal and regulatory obligations
To enable you to purchase from the Website
For the performance of our contract with you or to take steps before entering into a contract with you
The above table does not apply to special category personal data, which we do not anticipate that we will process. Should this situation change, we will update this Notice.
PROMOTIONAL COMMUNICATIONS
We will always treat your personal data with the utmost respect and never sell it to other organisations for marketing purposes.
WHO WE SHARE PERSONAL DATA WITH
We only share personal data with users who need to know it for the purpose of carrying out any order you place on the Website and our retained external third party service providers, such as Zendesk, Inc. and those who assist with the provision of our Website and maintenance of our IT systems.
We only allow our external third parties to handle personal data if we are satisfied they take all appropriate measures to protect all personal data and only on our written instructions.
We may very occasionally disclose and exchange information with regulatory bodies to comply with our legal and regulatory obligations.
WHERE PERSONAL DATA IS HELD
Personal data is kept securely in a password protected environment. Where we engage cloud-based service providers, it is on the basis of a written Data Processing Agreement and we conduct due diligence on the location of the servers on which our data is stored.
Many of our suppliers store data on servers which may be located outside the United Kingdom. For more information, including on how we safeguard personal data if it is transferred outside the UK, see below: ‘Transferring personal data out of the UK’.
KEEPING PERSONAL DATA SECURE
The privacy and the security of personal data is our utmost priority, and we recognise our obligation to keep it secure and private.
We have put in place industry-standard security practices to prevent personal data from being accidentally lost or used or accessed unlawfully including:
- password protection;
- access restriction or control;
- data encryption (end to end);
- data security and privacy awareness and training for all staff;
- the use of a Distributed Denial of Solution (DDoS) protection service;
- antivirus software; and
- measures to monitor intrusion detection and prevention systems (IDS/IPS).
We maintain technical, physical and administrative safeguards and review and update them regularly
We also limit access to any personal data to our employees and contractors with a genuine business need to access it and subject them to strict obligations of confidence.
HOW LONG PERSONAL DATA WILL BE KEPT
We will retain billing information (including crypto wallet addresses) of users for the duration of our contractual relationship with those users and then a period of 6 years.
Subject to the paragraph below, we will retain other personal data of customers for only so long as they use our Website or until consent is withdrawn.
Please note that we will store your personal data for a maximum of 14 months for research purposes in order to fulfill and offer additional Website features including, but not limited to the awarding of account ranks based on user behaviour and usage of our services. The legal basis for this is our legitimate interest as set out in the previous table.
When it is no longer necessary to retain personal data, we will delete it.
TRANSFERRING PERSONAL DATA OUT OF THE UK
Some of our third party providers may store our data on servers which may be located outside the UK.
These transfers are subject to special rules and safeguards under European and UK data protection law with which we fully comply. For more information regarding these rules, please contact gm@phantom.sh.
RIGHTS
All data subjects have the following rights, which can be exercised free of charge:
Access
The right to be provided with a copy of personal data held on a data subject
Rectification
The right to require us to correct any mistakes in a data subject’s personal data
To be forgotten
The right to require us to delete personal data—in certain situations
Restriction of processing
The right to require us to restrict processing of certain personal data—in certain circumstances, e.g. if the accuracy of the data is contested
Data portability
The right to receive the personal data provided to us, in a structured, commonly used and machine-readable format and/or transmit that data to a third party—in certain situations
To object
The right to object:
- at any time to personal data being processed for direct marketing (including profiling);
- in certain other situations to our continued processing of personal data, e.g. processing carried out for the purpose of our legitimate interests.
Not to be subject to automated individual decision-making
The right not to be subject to a decision based solely on automated processing (including profiling) that produces legal effects concerning a data subject
To withdraw consent
The right to withdraw consent as a legal basis for processing, at any time
For further information on each of those rights, including the circumstances in which they apply, please contact us or see the Guidance from the UK Information Commissioner’s Office (ICO) on individuals’ rights under the General Data Protection Regulation.
To exercise any of those rights, please contact us —see below: ‘How to contact us’. Please note, that we may require proof of your identity before being able to provide you with any personal information.
You may also have additional rights depending on the country in which you reside. For more information you can contact your local data authority. A list of relevant data authorities can be found here: https://www.cnil.fr/en/data-protection-around-the-world.
HOW TO COMPLAIN
We hope that we can resolve any query or concern raised about our use of personal information.
The General Data Protection Regulation also gives the right to lodge a complaint with a supervisory authority. The supervisory authority in the UK is the Information Commissioner who may be contacted at https://ico.org.uk/concerns or telephone: 0303 123 1113. Please see the above link for alternative data authorise depending on location.
CHANGES TO THIS PRIVACY POLICY
We may change this privacy policy from time to time, when we do we will inform data subjects via our Website.
HOW TO CONTACT US
We can be contacted by email.
For all data subject rights, please contact privacy@phantom.sh.