Privacy Policy for Bonuz Social Smart Wallet
Privacy Policy for Bonuz Social Smart Wallet
Privacy Policy for Bonuz Social Smart Wallet
Last update: 19 March, 2024
Last update: 19 March, 2024
Last update: 19 March, 2024
Intro
BONUZ TECHNOLOGY DMCC (“Bonuz” or “we”) welcomes you. This Privacy Notice (“Privacy Notice”) applies to our mobile application (“App”) available in the App Store and Google Play.
The Privacy Notice describes which of your personal data the App collects, how it stores, processes, and uses it, and what happens when you use the App.
About you
When you download and install the App, you become our user (“User”).
We divide the Users into categories so you can easily find details about the processing of your personal data. Pay attention that you can fall into several categories depending on your actions.
Type of User Description Registered User User who has registered on the App Account User User who has customized the account Chat User User who communicate with other users in the chat Partner User who fills out the “Partner Inquiry” form Please note! We do not knowingly process Users’ personal data under the age of 13. If you are such a User or the legal representative of such a User, please contact us.
Personal data
Sources of data
We receive your data when you download the App and interact with it, depending on your actions on the App.
You can change your personal data by exercising your right to rectification or by the App functionality. Please note that the same lawful basis and storage terms apply to the changed data.
We may also (although we do not necessarily do so) receive data from third parties. It depends on your settings and the features you use.
Lawful bases for processing
To process your personal data, we rely on the following lawful bases:
performance of the contract — for the processing of personal data necessary for the negotiating on, conclusion, and performance of a contract (mainly, the Terms of Use) with you;
legitimate interest — for the processing necessary for the development of our services, taking into consideration your interests, rights, and expectations, protection of your interest;
legal obligation — for the processing as required by applicable laws (for example, to comply with tax or KYC/AML regulations) or if requested by a law enforcement agency, court, supervisory authority, or another state-authorized public body;
consent — for additional specific purposes.
Users’ data
When you visit the Website, we collect some data automatically. We collect some technical data about the Users to optimize performance, debug issues, and enhance features while ensuring security and privacy to improve the overall user experience.
Most of the technical data we collect are anonymous, but some data is associated with your IP address and device ID. Please read about personal technical data below.
Data Reasons for processing Lawful basis Information about the сoarse location (geolocation, country) The optimization of the performance, debugging, enhancement of the features’ proper functioning, administering and improvement of the App Performance of the contract Technical device information and network information (including, User ID, session identifier (JSON Web Token) Data storage We store the data for 3 years from its collection
Registered Users’ data
We collect some of your personal data when you register in the App.
Data Reasons for processing Lawful basis Email from social login To create an account Performance of the contract Data storage We store the data for 3 years after you delete your account
Account Users’ data
We collect some of your personal data when you customize your account in the App.
Data Reasons for processing Lawful basis Full name To customize your account Performance of the contract Bonuz username Profile photo Links (social networks, messaging apps, blockchain&wallets, decentralized identifiers) Fingerprint or facial recognition To set up protection for your account Email from social login To complete two-factor verification Data storage We store the data for 3 years after you delete your account
Chat Users’ data
We collect some of your personal data when you communicate with other users in the chat in the App.
Data Reasons for processing Lawful basis Text of messages To communicate with other users of the App Performance of the contract Data storage We store the data for 3 years after you delete your account
Partners’ data
We collect some of your personal data when you fill out the “Partner Inquiry” form.
Data Reasons for processing Lawful basis Name To understand your partnership request, contact you and enter into a partnership with you Performance of the contract Email Field of activity Website Social media links Phone number Messengers contact information Expectations from partnership Referrals Meeting schedule link Data storage In case of entering into a partnership, we store the data for 3 years from the date of termination of the partnership In case of not entering into a partnership, we store the data for 3 years after the last communication
Data received from third parties
We may receive some personal data from third parties.
The amount of data collected, the purposes, and the lawful basis for processing is determined by the respective privacy documents of these third parties.
Third party Privacy documents 1inch https://1inch.io/assets/1inch_network_privacy_policy.pdf Xy.finance https://docs.xy.finance/additional-resources/terms-of-use biconomy https://forum.biconomy.io/privacy Web3auth https://web3auth.io/docs/legal/privacy-policy Google https://cloud.google.com/terms/cloud-privacy-notice Bonuz Inc. https://enter.bonuz.market/privacy-policy Covalent https://www.covalenthq.com/privacy-policy/ Alchemy https://www.alchemy.com/terms-conditions/privacy-policy
Data sharing with third parties
We can share your personal data with third parties without any harm to you and in full compliance with applicable law. In addition, we have implemented organizational and technical measures to ensure the security of personal data during data transfer to third parties.
Third parties Description Analytics tools We use analytics tools to understand and promote our business. Messengers We use messengers to communicate with you in ways that are convenient for you. Blockchain providers We use blockchain and related providers to create non-custodial wallets, securely store data, complete authentication or transaction, etc. Data storage services We use various cloud services that allow us to securely store data on remote servers. Contractors, and service providers on the App We cooperate with service providers and contractors to provide you with their services, operate, develop, and improve the features and functionality of the App, etc. Providers of the services our team uses We use CRM systems, messengers, and other services in our organisation to provide you with our services. State authorities, courts, law enforcement agencies, etc We may be obliged to transfer some of your data to tax authorities, courts, law enforcement agencies, and other governmental bodies: • to comply with a government request, court order, or applicable law; • to prevent unlawful use of the App; • to protect against claims of third parties; • to help prevent or investigate fraud. To get a detailed list of the third-party recipients of your personal data, https://docs.google.com/document/d/10oBL9nvCXtMuaPpgwVIbN8iHM5XEQGuP0VceJV2Dufk/edit#heading=h.umhp8vanmzz1.
In addition, we transfer some of your data to verified business partners when you participate in quests and engage in events or functions of these partners. The data may include:
Data Reasons for processing Lawful basis Bonuz ID: • non-custodial wallet address; • links and authentications in social networks; • links and authentications on the blockchain; • LensProtocol, PolygonID, Anima, Worldcoin. To provide you with rewards Performance of the contract Data storage We store the data for 3 years after you delete your account
To share your data, we rely on the following lawful bases, depending on the case: consent, compliance with the law, and performance of a contract.
Data sharing outside the European Economic Area
The personal data we collect is stored within the EU.
We may share personal data with recipients in other countries, including non-EEA ones, ensuring that your data is protected and processed in accordance with the General Data Protection Regulation and Personal Data Protection Law (UAE).
To share the data outside the EEA, we rely on the adequacy decision by the European Commission or the Data Privacy Framework participation of the recipient.
If the recipient does not participate in the Data Privacy Framework and its country is not deemed to provide an adequate level of protection for your personal data, we adopt Standard Contractual Clauses based on legislation assessments for data protection during transfer and storage.
You can read more detailed measures to protect your personal data here.
Data protection
We apply a variety of security measures appropriate to the possible risks.
Organizational measures Internal policies and instructions Non-disclosure agreements (NDA) Transfer protection
Technical measures Two-factor authentication Backups Firewalls Encryption technologies
Data subjects rights
You, as a data subject (individual), have the right to interact with your data directly or through a request to us. This section describes these rights and how you can exercise them depending on your residency.
European Economic Area and United Kingdom residents
Right Description Right to access You can request an explanation of the processing of your personal data. Right to rectification You can change the data if it is inaccurate or incomplete. Right to erasure You can send us a request to delete your personal data from our systems. We will remove them unless otherwise provided by law. Right to restrict the processing You may partially or completely prohibit us from processing your personal data. Right to data portability You can request all the data you provided to us and request to transfer data to another controller. Right to object You may object to the processing of your personal data. Right to withdraw consent You can withdraw your consent at any time. Right to file a complaint If your request was not satisfied, you could file a complaint to the regulatory body. To exercise your rights, https://docs.google.com/document/d/10oBL9nvCXtMuaPpgwVIbN8iHM5XEQGuP0VceJV2Dufk/edit#heading=h.umhp8vanmzz1. For EEA residents: We will answer your request within one month. If your request is not satisfied, you can submit a complaint to your local Data Protection Authority. You may find it https://edpb.europa.eu/about-edpb/about-edpb/members_en. For UK residents: We will answer your request within one month. If your request is not satisfied, you can submit a complaint at the Information Commissioner’s Office via number 0303-123-1113 or go online at http://www.ico.org.uk/concerns.
United Arab Emirates residents
Right Description Right to access You can request the personal data provided to us for processing, in a structured and machine-readable format if the processing is based on consent or the performance of the contract, and implemented by automated means Right to rectification You can change the data if it is inaccurate or incomplete. Right to erasure You can send us a request to delete your personal data from our systems. We will remove them unless otherwise provided by law. Right to object/opt-out You may object to the processing of your personal data. Right to data portability You can request all the data you provided to us and request to transfer data to another controller where technically feasible. Right not to be subject to automated decision-making You can object to decisions based on automated processing. Right to lodge a complaint If your request was not satisfied, you could file a complaint to the regulatory body. To exercise your rights, contact us. We will answer your request within one month. If your request is not satisfied, you can submit a complaint to https://u.ae/en/about-the-uae/digital-uae/data/data-protection-laws.
United States residents
Your rights vary depending on the state of your residency, as indicated below.
Right Description Area Right to access You can request an explanation of the processing of your personal data. • California; • Colorado; • Connecticut; • Delaware; • Indiana; • Iowa; • Montana; • Tennessee; • Texas; • Utah; • Virginia. Right to correct You can change the data if it is inaccurate or incomplete. • California; • Colorado; • Connecticut; • Delaware; • Indiana; • Montana; • Tennessee; • Texas; • Virginia. Right to delete You can send us a request to delete your personal data from our systems. • California; • Colorado; • Connecticut; • Delaware; • Indiana; • Iowa; • Montana; • Tennessee; • Texas; • Utah; • Virginia. Right to portability You can request all the data you provided to us and request to transfer data to another controller. • California; • Colorado; • Connecticut; • Delaware; • Indiana; • Iowa; • Montana; • Tennessee; • Texas; • Utah; • Virginia. Right to opt out of sales The right to opt out of the sale of personal data to third parties. • California; • Colorado; • Connecticut; • Delaware; • Indiana; • Iowa; • Montana; • Tennessee; • Texas; • Utah; • Virginia. Right to opt out of certain purposes The right to opt out of processing for profiling/targeted advertising purposes. • Colorado; • Connecticut; • Delaware; • Indiana; • Montana; • Tennessee; • Texas; • Utah; • Virginia. Right to opt out of the processing of sensitive data The right to opt-out of processing of sensitive data. • California. Right to opt in for sensitive data processing The right to opt in before processing sensitive data. • Colorado; • Connecticut; • Delaware; • Indiana; • Montana; • Tennessee; • Texas; • Virginia. Right against automated decision-making A prohibition against a business making decisions about a consumer based solely on an automated process without human input • California; • Colorado; • Connecticut; • Delaware; • Indiana; • Iowa; • Montana; • Tennessee; • Texas; • Virginia. Private right of action The right to seek civil damages from a controller for violations of a statute. • California. To exercise your rights, contact us. We will answer your request within 30 to 60 days, depending on the state and legislative requirements. If your complaint is not satisfied, you can submit a complaint to the https://www.ftc.gov/about-ftc/contact. Please note! Some states do not have privacy laws. The rights of residents of such states are governed by U.S. federal law. If your state is not on the list, please https://docs.google.com/document/d/10oBL9nvCXtMuaPpgwVIbN8iHM5XEQGuP0VceJV2Dufk/edit#heading=h.umhp8vanmzz1.
Do not sell my personal information
California residents have the right under the California Consumer Privacy Act (“CCPA”) to opt out of the “sale” of their personal information by a company governed by CCPA.
Bonuz does not sell your personal information to anyone nor use your data as a business model.
However, we support CCPA by allowing California residents to opt out of any future sale of their personal information. If you would like to record your preference that we will not sell your data in the future, please contact us.
Do-not-track requests
California residents visiting the App may request that we do not automatically gather and track information about their online browsing movements across the Internet.
Such requests are typically made through web browser settings that control signals or other mechanisms that allow consumers to exercise choice regarding collecting personal data about an individual consumer’s online activities over time and across third-party websites or online services.
We currently cannot honor these requests. We may modify this Privacy Notice as our abilities change.
Privacy Notice updates
This Privacy Notice is developed according to the General Data Protection Regulation, Personal Data Protection Law (UAE), other applicable privacy laws, and best privacy practices.
Existing laws and requirements for the processing of personal data are subject to change. In this case, we will publish a new version of the Privacy Notice on the App.
Suppose there are material changes to the Privacy Notice or the App that affect your data privacy rights. In that case, we will notify you by displaying information on the App and, if necessary, ask for your consent.
About us
We are the controller of your personal data processed through the App. This means that we determine the purposes and means of personal data processing.
Name BONUZ TECHNOLOGY DMCC Email hello ( at) bonuz. tech – for general inquiries hello (at) bonuz. tech – for privacy inquiries
Intro
BONUZ TECHNOLOGY DMCC (“Bonuz” or “we”) welcomes you. This Privacy Notice (“Privacy Notice”) applies to our mobile application (“App”) available in the App Store and Google Play.
The Privacy Notice describes which of your personal data the App collects, how it stores, processes, and uses it, and what happens when you use the App.
About you
When you download and install the App, you become our user (“User”).
We divide the Users into categories so you can easily find details about the processing of your personal data. Pay attention that you can fall into several categories depending on your actions.
Type of User Description Registered User User who has registered on the App Account User User who has customized the account Chat User User who communicate with other users in the chat Partner User who fills out the “Partner Inquiry” form Please note! We do not knowingly process Users’ personal data under the age of 13. If you are such a User or the legal representative of such a User, please contact us.
Personal data
Sources of data
We receive your data when you download the App and interact with it, depending on your actions on the App.
You can change your personal data by exercising your right to rectification or by the App functionality. Please note that the same lawful basis and storage terms apply to the changed data.
We may also (although we do not necessarily do so) receive data from third parties. It depends on your settings and the features you use.
Lawful bases for processing
To process your personal data, we rely on the following lawful bases:
performance of the contract — for the processing of personal data necessary for the negotiating on, conclusion, and performance of a contract (mainly, the Terms of Use) with you;
legitimate interest — for the processing necessary for the development of our services, taking into consideration your interests, rights, and expectations, protection of your interest;
legal obligation — for the processing as required by applicable laws (for example, to comply with tax or KYC/AML regulations) or if requested by a law enforcement agency, court, supervisory authority, or another state-authorized public body;
consent — for additional specific purposes.
Users’ data
When you visit the Website, we collect some data automatically. We collect some technical data about the Users to optimize performance, debug issues, and enhance features while ensuring security and privacy to improve the overall user experience.
Most of the technical data we collect are anonymous, but some data is associated with your IP address and device ID. Please read about personal technical data below.
Data Reasons for processing Lawful basis Information about the сoarse location (geolocation, country) The optimization of the performance, debugging, enhancement of the features’ proper functioning, administering and improvement of the App Performance of the contract Technical device information and network information (including, User ID, session identifier (JSON Web Token) Data storage We store the data for 3 years from its collection
Registered Users’ data
We collect some of your personal data when you register in the App.
Data Reasons for processing Lawful basis Email from social login To create an account Performance of the contract Data storage We store the data for 3 years after you delete your account
Account Users’ data
We collect some of your personal data when you customize your account in the App.
Data Reasons for processing Lawful basis Full name To customize your account Performance of the contract Bonuz username Profile photo Links (social networks, messaging apps, blockchain&wallets, decentralized identifiers) Fingerprint or facial recognition To set up protection for your account Email from social login To complete two-factor verification Data storage We store the data for 3 years after you delete your account
Chat Users’ data
We collect some of your personal data when you communicate with other users in the chat in the App.
Data Reasons for processing Lawful basis Text of messages To communicate with other users of the App Performance of the contract Data storage We store the data for 3 years after you delete your account
Partners’ data
We collect some of your personal data when you fill out the “Partner Inquiry” form.
Data Reasons for processing Lawful basis Name To understand your partnership request, contact you and enter into a partnership with you Performance of the contract Email Field of activity Website Social media links Phone number Messengers contact information Expectations from partnership Referrals Meeting schedule link Data storage In case of entering into a partnership, we store the data for 3 years from the date of termination of the partnership In case of not entering into a partnership, we store the data for 3 years after the last communication
Data received from third parties
We may receive some personal data from third parties.
The amount of data collected, the purposes, and the lawful basis for processing is determined by the respective privacy documents of these third parties.
Third party Privacy documents 1inch https://1inch.io/assets/1inch_network_privacy_policy.pdf Xy.finance https://docs.xy.finance/additional-resources/terms-of-use biconomy https://forum.biconomy.io/privacy Web3auth https://web3auth.io/docs/legal/privacy-policy Google https://cloud.google.com/terms/cloud-privacy-notice Bonuz Inc. https://enter.bonuz.market/privacy-policy Covalent https://www.covalenthq.com/privacy-policy/ Alchemy https://www.alchemy.com/terms-conditions/privacy-policy
Data sharing with third parties
We can share your personal data with third parties without any harm to you and in full compliance with applicable law. In addition, we have implemented organizational and technical measures to ensure the security of personal data during data transfer to third parties.
Third parties Description Analytics tools We use analytics tools to understand and promote our business. Messengers We use messengers to communicate with you in ways that are convenient for you. Blockchain providers We use blockchain and related providers to create non-custodial wallets, securely store data, complete authentication or transaction, etc. Data storage services We use various cloud services that allow us to securely store data on remote servers. Contractors, and service providers on the App We cooperate with service providers and contractors to provide you with their services, operate, develop, and improve the features and functionality of the App, etc. Providers of the services our team uses We use CRM systems, messengers, and other services in our organisation to provide you with our services. State authorities, courts, law enforcement agencies, etc We may be obliged to transfer some of your data to tax authorities, courts, law enforcement agencies, and other governmental bodies: • to comply with a government request, court order, or applicable law; • to prevent unlawful use of the App; • to protect against claims of third parties; • to help prevent or investigate fraud. To get a detailed list of the third-party recipients of your personal data, https://docs.google.com/document/d/10oBL9nvCXtMuaPpgwVIbN8iHM5XEQGuP0VceJV2Dufk/edit#heading=h.umhp8vanmzz1.
In addition, we transfer some of your data to verified business partners when you participate in quests and engage in events or functions of these partners. The data may include:
Data Reasons for processing Lawful basis Bonuz ID: • non-custodial wallet address; • links and authentications in social networks; • links and authentications on the blockchain; • LensProtocol, PolygonID, Anima, Worldcoin. To provide you with rewards Performance of the contract Data storage We store the data for 3 years after you delete your account
To share your data, we rely on the following lawful bases, depending on the case: consent, compliance with the law, and performance of a contract.
Data sharing outside the European Economic Area
The personal data we collect is stored within the EU.
We may share personal data with recipients in other countries, including non-EEA ones, ensuring that your data is protected and processed in accordance with the General Data Protection Regulation and Personal Data Protection Law (UAE).
To share the data outside the EEA, we rely on the adequacy decision by the European Commission or the Data Privacy Framework participation of the recipient.
If the recipient does not participate in the Data Privacy Framework and its country is not deemed to provide an adequate level of protection for your personal data, we adopt Standard Contractual Clauses based on legislation assessments for data protection during transfer and storage.
You can read more detailed measures to protect your personal data here.
Data protection
We apply a variety of security measures appropriate to the possible risks.
Organizational measures Internal policies and instructions Non-disclosure agreements (NDA) Transfer protection
Technical measures Two-factor authentication Backups Firewalls Encryption technologies
Data subjects rights
You, as a data subject (individual), have the right to interact with your data directly or through a request to us. This section describes these rights and how you can exercise them depending on your residency.
European Economic Area and United Kingdom residents
Right Description Right to access You can request an explanation of the processing of your personal data. Right to rectification You can change the data if it is inaccurate or incomplete. Right to erasure You can send us a request to delete your personal data from our systems. We will remove them unless otherwise provided by law. Right to restrict the processing You may partially or completely prohibit us from processing your personal data. Right to data portability You can request all the data you provided to us and request to transfer data to another controller. Right to object You may object to the processing of your personal data. Right to withdraw consent You can withdraw your consent at any time. Right to file a complaint If your request was not satisfied, you could file a complaint to the regulatory body. To exercise your rights, https://docs.google.com/document/d/10oBL9nvCXtMuaPpgwVIbN8iHM5XEQGuP0VceJV2Dufk/edit#heading=h.umhp8vanmzz1. For EEA residents: We will answer your request within one month. If your request is not satisfied, you can submit a complaint to your local Data Protection Authority. You may find it https://edpb.europa.eu/about-edpb/about-edpb/members_en. For UK residents: We will answer your request within one month. If your request is not satisfied, you can submit a complaint at the Information Commissioner’s Office via number 0303-123-1113 or go online at http://www.ico.org.uk/concerns.
United Arab Emirates residents
Right Description Right to access You can request the personal data provided to us for processing, in a structured and machine-readable format if the processing is based on consent or the performance of the contract, and implemented by automated means Right to rectification You can change the data if it is inaccurate or incomplete. Right to erasure You can send us a request to delete your personal data from our systems. We will remove them unless otherwise provided by law. Right to object/opt-out You may object to the processing of your personal data. Right to data portability You can request all the data you provided to us and request to transfer data to another controller where technically feasible. Right not to be subject to automated decision-making You can object to decisions based on automated processing. Right to lodge a complaint If your request was not satisfied, you could file a complaint to the regulatory body. To exercise your rights, contact us. We will answer your request within one month. If your request is not satisfied, you can submit a complaint to https://u.ae/en/about-the-uae/digital-uae/data/data-protection-laws.
United States residents
Your rights vary depending on the state of your residency, as indicated below.
Right Description Area Right to access You can request an explanation of the processing of your personal data. • California; • Colorado; • Connecticut; • Delaware; • Indiana; • Iowa; • Montana; • Tennessee; • Texas; • Utah; • Virginia. Right to correct You can change the data if it is inaccurate or incomplete. • California; • Colorado; • Connecticut; • Delaware; • Indiana; • Montana; • Tennessee; • Texas; • Virginia. Right to delete You can send us a request to delete your personal data from our systems. • California; • Colorado; • Connecticut; • Delaware; • Indiana; • Iowa; • Montana; • Tennessee; • Texas; • Utah; • Virginia. Right to portability You can request all the data you provided to us and request to transfer data to another controller. • California; • Colorado; • Connecticut; • Delaware; • Indiana; • Iowa; • Montana; • Tennessee; • Texas; • Utah; • Virginia. Right to opt out of sales The right to opt out of the sale of personal data to third parties. • California; • Colorado; • Connecticut; • Delaware; • Indiana; • Iowa; • Montana; • Tennessee; • Texas; • Utah; • Virginia. Right to opt out of certain purposes The right to opt out of processing for profiling/targeted advertising purposes. • Colorado; • Connecticut; • Delaware; • Indiana; • Montana; • Tennessee; • Texas; • Utah; • Virginia. Right to opt out of the processing of sensitive data The right to opt-out of processing of sensitive data. • California. Right to opt in for sensitive data processing The right to opt in before processing sensitive data. • Colorado; • Connecticut; • Delaware; • Indiana; • Montana; • Tennessee; • Texas; • Virginia. Right against automated decision-making A prohibition against a business making decisions about a consumer based solely on an automated process without human input • California; • Colorado; • Connecticut; • Delaware; • Indiana; • Iowa; • Montana; • Tennessee; • Texas; • Virginia. Private right of action The right to seek civil damages from a controller for violations of a statute. • California. To exercise your rights, contact us. We will answer your request within 30 to 60 days, depending on the state and legislative requirements. If your complaint is not satisfied, you can submit a complaint to the https://www.ftc.gov/about-ftc/contact. Please note! Some states do not have privacy laws. The rights of residents of such states are governed by U.S. federal law. If your state is not on the list, please https://docs.google.com/document/d/10oBL9nvCXtMuaPpgwVIbN8iHM5XEQGuP0VceJV2Dufk/edit#heading=h.umhp8vanmzz1.
Do not sell my personal information
California residents have the right under the California Consumer Privacy Act (“CCPA”) to opt out of the “sale” of their personal information by a company governed by CCPA.
Bonuz does not sell your personal information to anyone nor use your data as a business model.
However, we support CCPA by allowing California residents to opt out of any future sale of their personal information. If you would like to record your preference that we will not sell your data in the future, please contact us.
Do-not-track requests
California residents visiting the App may request that we do not automatically gather and track information about their online browsing movements across the Internet.
Such requests are typically made through web browser settings that control signals or other mechanisms that allow consumers to exercise choice regarding collecting personal data about an individual consumer’s online activities over time and across third-party websites or online services.
We currently cannot honor these requests. We may modify this Privacy Notice as our abilities change.
Privacy Notice updates
This Privacy Notice is developed according to the General Data Protection Regulation, Personal Data Protection Law (UAE), other applicable privacy laws, and best privacy practices.
Existing laws and requirements for the processing of personal data are subject to change. In this case, we will publish a new version of the Privacy Notice on the App.
Suppose there are material changes to the Privacy Notice or the App that affect your data privacy rights. In that case, we will notify you by displaying information on the App and, if necessary, ask for your consent.
About us
We are the controller of your personal data processed through the App. This means that we determine the purposes and means of personal data processing.
Name BONUZ TECHNOLOGY DMCC Email hello ( at) bonuz. tech – for general inquiries hello (at) bonuz. tech – for privacy inquiries
Intro
BONUZ TECHNOLOGY DMCC (“Bonuz” or “we”) welcomes you. This Privacy Notice (“Privacy Notice”) applies to our mobile application (“App”) available in the App Store and Google Play.
The Privacy Notice describes which of your personal data the App collects, how it stores, processes, and uses it, and what happens when you use the App.
About you
When you download and install the App, you become our user (“User”).
We divide the Users into categories so you can easily find details about the processing of your personal data. Pay attention that you can fall into several categories depending on your actions.
Type of User Description Registered User User who has registered on the App Account User User who has customized the account Chat User User who communicate with other users in the chat Partner User who fills out the “Partner Inquiry” form Please note! We do not knowingly process Users’ personal data under the age of 13. If you are such a User or the legal representative of such a User, please contact us.
Personal data
Sources of data
We receive your data when you download the App and interact with it, depending on your actions on the App.
You can change your personal data by exercising your right to rectification or by the App functionality. Please note that the same lawful basis and storage terms apply to the changed data.
We may also (although we do not necessarily do so) receive data from third parties. It depends on your settings and the features you use.
Lawful bases for processing
To process your personal data, we rely on the following lawful bases:
performance of the contract — for the processing of personal data necessary for the negotiating on, conclusion, and performance of a contract (mainly, the Terms of Use) with you;
legitimate interest — for the processing necessary for the development of our services, taking into consideration your interests, rights, and expectations, protection of your interest;
legal obligation — for the processing as required by applicable laws (for example, to comply with tax or KYC/AML regulations) or if requested by a law enforcement agency, court, supervisory authority, or another state-authorized public body;
consent — for additional specific purposes.
Users’ data
When you visit the Website, we collect some data automatically. We collect some technical data about the Users to optimize performance, debug issues, and enhance features while ensuring security and privacy to improve the overall user experience.
Most of the technical data we collect are anonymous, but some data is associated with your IP address and device ID. Please read about personal technical data below.
Data Reasons for processing Lawful basis Information about the сoarse location (geolocation, country) The optimization of the performance, debugging, enhancement of the features’ proper functioning, administering and improvement of the App Performance of the contract Technical device information and network information (including, User ID, session identifier (JSON Web Token) Data storage We store the data for 3 years from its collection
Registered Users’ data
We collect some of your personal data when you register in the App.
Data Reasons for processing Lawful basis Email from social login To create an account Performance of the contract Data storage We store the data for 3 years after you delete your account
Account Users’ data
We collect some of your personal data when you customize your account in the App.
Data Reasons for processing Lawful basis Full name To customize your account Performance of the contract Bonuz username Profile photo Links (social networks, messaging apps, blockchain&wallets, decentralized identifiers) Fingerprint or facial recognition To set up protection for your account Email from social login To complete two-factor verification Data storage We store the data for 3 years after you delete your account
Chat Users’ data
We collect some of your personal data when you communicate with other users in the chat in the App.
Data Reasons for processing Lawful basis Text of messages To communicate with other users of the App Performance of the contract Data storage We store the data for 3 years after you delete your account
Partners’ data
We collect some of your personal data when you fill out the “Partner Inquiry” form.
Data Reasons for processing Lawful basis Name To understand your partnership request, contact you and enter into a partnership with you Performance of the contract Email Field of activity Website Social media links Phone number Messengers contact information Expectations from partnership Referrals Meeting schedule link Data storage In case of entering into a partnership, we store the data for 3 years from the date of termination of the partnership In case of not entering into a partnership, we store the data for 3 years after the last communication
Data received from third parties
We may receive some personal data from third parties.
The amount of data collected, the purposes, and the lawful basis for processing is determined by the respective privacy documents of these third parties.
Third party Privacy documents 1inch https://1inch.io/assets/1inch_network_privacy_policy.pdf Xy.finance https://docs.xy.finance/additional-resources/terms-of-use biconomy https://forum.biconomy.io/privacy Web3auth https://web3auth.io/docs/legal/privacy-policy Google https://cloud.google.com/terms/cloud-privacy-notice Bonuz Inc. https://enter.bonuz.market/privacy-policy Covalent https://www.covalenthq.com/privacy-policy/ Alchemy https://www.alchemy.com/terms-conditions/privacy-policy
Data sharing with third parties
We can share your personal data with third parties without any harm to you and in full compliance with applicable law. In addition, we have implemented organizational and technical measures to ensure the security of personal data during data transfer to third parties.
Third parties Description Analytics tools We use analytics tools to understand and promote our business. Messengers We use messengers to communicate with you in ways that are convenient for you. Blockchain providers We use blockchain and related providers to create non-custodial wallets, securely store data, complete authentication or transaction, etc. Data storage services We use various cloud services that allow us to securely store data on remote servers. Contractors, and service providers on the App We cooperate with service providers and contractors to provide you with their services, operate, develop, and improve the features and functionality of the App, etc. Providers of the services our team uses We use CRM systems, messengers, and other services in our organisation to provide you with our services. State authorities, courts, law enforcement agencies, etc We may be obliged to transfer some of your data to tax authorities, courts, law enforcement agencies, and other governmental bodies: • to comply with a government request, court order, or applicable law; • to prevent unlawful use of the App; • to protect against claims of third parties; • to help prevent or investigate fraud. To get a detailed list of the third-party recipients of your personal data, https://docs.google.com/document/d/10oBL9nvCXtMuaPpgwVIbN8iHM5XEQGuP0VceJV2Dufk/edit#heading=h.umhp8vanmzz1.
In addition, we transfer some of your data to verified business partners when you participate in quests and engage in events or functions of these partners. The data may include:
Data Reasons for processing Lawful basis Bonuz ID: • non-custodial wallet address; • links and authentications in social networks; • links and authentications on the blockchain; • LensProtocol, PolygonID, Anima, Worldcoin. To provide you with rewards Performance of the contract Data storage We store the data for 3 years after you delete your account
To share your data, we rely on the following lawful bases, depending on the case: consent, compliance with the law, and performance of a contract.
Data sharing outside the European Economic Area
The personal data we collect is stored within the EU.
We may share personal data with recipients in other countries, including non-EEA ones, ensuring that your data is protected and processed in accordance with the General Data Protection Regulation and Personal Data Protection Law (UAE).
To share the data outside the EEA, we rely on the adequacy decision by the European Commission or the Data Privacy Framework participation of the recipient.
If the recipient does not participate in the Data Privacy Framework and its country is not deemed to provide an adequate level of protection for your personal data, we adopt Standard Contractual Clauses based on legislation assessments for data protection during transfer and storage.
You can read more detailed measures to protect your personal data here.
Data protection
We apply a variety of security measures appropriate to the possible risks.
Organizational measures Internal policies and instructions Non-disclosure agreements (NDA) Transfer protection
Technical measures Two-factor authentication Backups Firewalls Encryption technologies
Data subjects rights
You, as a data subject (individual), have the right to interact with your data directly or through a request to us. This section describes these rights and how you can exercise them depending on your residency.
European Economic Area and United Kingdom residents
Right Description Right to access You can request an explanation of the processing of your personal data. Right to rectification You can change the data if it is inaccurate or incomplete. Right to erasure You can send us a request to delete your personal data from our systems. We will remove them unless otherwise provided by law. Right to restrict the processing You may partially or completely prohibit us from processing your personal data. Right to data portability You can request all the data you provided to us and request to transfer data to another controller. Right to object You may object to the processing of your personal data. Right to withdraw consent You can withdraw your consent at any time. Right to file a complaint If your request was not satisfied, you could file a complaint to the regulatory body. To exercise your rights, https://docs.google.com/document/d/10oBL9nvCXtMuaPpgwVIbN8iHM5XEQGuP0VceJV2Dufk/edit#heading=h.umhp8vanmzz1. For EEA residents: We will answer your request within one month. If your request is not satisfied, you can submit a complaint to your local Data Protection Authority. You may find it https://edpb.europa.eu/about-edpb/about-edpb/members_en. For UK residents: We will answer your request within one month. If your request is not satisfied, you can submit a complaint at the Information Commissioner’s Office via number 0303-123-1113 or go online at http://www.ico.org.uk/concerns.
United Arab Emirates residents
Right Description Right to access You can request the personal data provided to us for processing, in a structured and machine-readable format if the processing is based on consent or the performance of the contract, and implemented by automated means Right to rectification You can change the data if it is inaccurate or incomplete. Right to erasure You can send us a request to delete your personal data from our systems. We will remove them unless otherwise provided by law. Right to object/opt-out You may object to the processing of your personal data. Right to data portability You can request all the data you provided to us and request to transfer data to another controller where technically feasible. Right not to be subject to automated decision-making You can object to decisions based on automated processing. Right to lodge a complaint If your request was not satisfied, you could file a complaint to the regulatory body. To exercise your rights, contact us. We will answer your request within one month. If your request is not satisfied, you can submit a complaint to https://u.ae/en/about-the-uae/digital-uae/data/data-protection-laws.
United States residents
Your rights vary depending on the state of your residency, as indicated below.
Right Description Area Right to access You can request an explanation of the processing of your personal data. • California; • Colorado; • Connecticut; • Delaware; • Indiana; • Iowa; • Montana; • Tennessee; • Texas; • Utah; • Virginia. Right to correct You can change the data if it is inaccurate or incomplete. • California; • Colorado; • Connecticut; • Delaware; • Indiana; • Montana; • Tennessee; • Texas; • Virginia. Right to delete You can send us a request to delete your personal data from our systems. • California; • Colorado; • Connecticut; • Delaware; • Indiana; • Iowa; • Montana; • Tennessee; • Texas; • Utah; • Virginia. Right to portability You can request all the data you provided to us and request to transfer data to another controller. • California; • Colorado; • Connecticut; • Delaware; • Indiana; • Iowa; • Montana; • Tennessee; • Texas; • Utah; • Virginia. Right to opt out of sales The right to opt out of the sale of personal data to third parties. • California; • Colorado; • Connecticut; • Delaware; • Indiana; • Iowa; • Montana; • Tennessee; • Texas; • Utah; • Virginia. Right to opt out of certain purposes The right to opt out of processing for profiling/targeted advertising purposes. • Colorado; • Connecticut; • Delaware; • Indiana; • Montana; • Tennessee; • Texas; • Utah; • Virginia. Right to opt out of the processing of sensitive data The right to opt-out of processing of sensitive data. • California. Right to opt in for sensitive data processing The right to opt in before processing sensitive data. • Colorado; • Connecticut; • Delaware; • Indiana; • Montana; • Tennessee; • Texas; • Virginia. Right against automated decision-making A prohibition against a business making decisions about a consumer based solely on an automated process without human input • California; • Colorado; • Connecticut; • Delaware; • Indiana; • Iowa; • Montana; • Tennessee; • Texas; • Virginia. Private right of action The right to seek civil damages from a controller for violations of a statute. • California. To exercise your rights, contact us. We will answer your request within 30 to 60 days, depending on the state and legislative requirements. If your complaint is not satisfied, you can submit a complaint to the https://www.ftc.gov/about-ftc/contact. Please note! Some states do not have privacy laws. The rights of residents of such states are governed by U.S. federal law. If your state is not on the list, please https://docs.google.com/document/d/10oBL9nvCXtMuaPpgwVIbN8iHM5XEQGuP0VceJV2Dufk/edit#heading=h.umhp8vanmzz1.
Do not sell my personal information
California residents have the right under the California Consumer Privacy Act (“CCPA”) to opt out of the “sale” of their personal information by a company governed by CCPA.
Bonuz does not sell your personal information to anyone nor use your data as a business model.
However, we support CCPA by allowing California residents to opt out of any future sale of their personal information. If you would like to record your preference that we will not sell your data in the future, please contact us.
Do-not-track requests
California residents visiting the App may request that we do not automatically gather and track information about their online browsing movements across the Internet.
Such requests are typically made through web browser settings that control signals or other mechanisms that allow consumers to exercise choice regarding collecting personal data about an individual consumer’s online activities over time and across third-party websites or online services.
We currently cannot honor these requests. We may modify this Privacy Notice as our abilities change.
Privacy Notice updates
This Privacy Notice is developed according to the General Data Protection Regulation, Personal Data Protection Law (UAE), other applicable privacy laws, and best privacy practices.
Existing laws and requirements for the processing of personal data are subject to change. In this case, we will publish a new version of the Privacy Notice on the App.
Suppose there are material changes to the Privacy Notice or the App that affect your data privacy rights. In that case, we will notify you by displaying information on the App and, if necessary, ask for your consent.
About us
We are the controller of your personal data processed through the App. This means that we determine the purposes and means of personal data processing.
Name BONUZ TECHNOLOGY DMCC Email hello ( at) bonuz. tech – for general inquiries hello (at) bonuz. tech – for privacy inquiries
Join our E-Mail list
Stay up to date about new releases of the Bonuz Ecosystem!
Join our E-Mail list
Stay up to date about new releases of the Bonuz Ecosystem!
Join our E-Mail list
Stay up to date about new releases of the Bonuz Ecosystem!