Privacy Policy

This Privacy Policy, along with other policies available on Illuvium.io, applies to your use of Illuvium’s Services (as defined in our General Terms available here) whether or not access is achieved through Illuvium.io or third parties (such as Google Play or App Store) or by directly interacting with Illuvium smart contracts.

Where we refer to “Illuvium”, “us”, “we” or “our” in this Policy, we are referring to the Illuvium Labs FZCO (Data Representative), as delegate of the Illuvium DAO, who oversees the effective maintenance of this Policy and who manages Customer Data in accordance with the terms of this Privacy Policy.

Defined terms used in this Privacy Policy are defined in our General Terms, unless an alternative definition is expressly specified in this Privacy Policy.

Introduction

We are committed to operating with the highest level of integrity and respecting your privacy. This Privacy Policy, as may be amended by us from time to time, sets out the details relating to your data relationship with the Illuvium Labs FZCO, Illuvium’s Data Representative. Your access to and use of the Services and the Interface are conditioned on your acceptance of and compliance with this Privacy Policy. By providing Personal Information to us, you consent to our collection, use, and disclosure of your Personal Information in accordance with this Privacy Policy and any other arrangements that apply between us. We may change our Privacy Policy from time to time by publishing changes to it on our website. We encourage you to check our website periodically to ensure that you understand our current Privacy Policy.

• If you are a resident of the European Union, supplementary terms at ANNEXURE A relating to the GDPR apply.
• If you are a resident of the United States, supplementary terms at ANNEXURE B apply (including some terms which only apply to California residents).
• Our Cookie Policy is at ANNEXURE C. Please read these additional terms carefully as they supplement these Terms and form part of our agreement with you.

What Personal Information do we collect?

Personal Information includes information or an opinion about an individual that is reasonably identifiable. For example, this may include your name, age, gender, postcode, and contact details. It may also include financial information, including your credit card information. The categories of Personal Information we may collect and process depends upon the nature of your dealings with us and may include:

1. Personal details: name; gender, date of birth, nationality, tax residency;
2. Contact details: email address; address, mobile number, social media account;
3. Interaction details: activity details of your interactions with Illuvium including products purchased, Services used, activity details of related purchases, preferences, interactions;
4. Payment details: payment and transaction information, including your bank and credit card details;
5. Technical information: your device ID, device type, geo-location, computer and connection information, statistics on page views, traffic to and from our websites, ad data, IP addresses and web log information;
6. Blockchain transactions: any bids, offers, buys, sells, transfers (including involving staking and liquidity provision), fees, withdrawals, claims, mints, burns, or other like interactions associated with your IP address, your Ethereum public address, your Immutable X public address or other public address;
7. Customer support: details of the Services we have provided to you or that you have enquired about, including any additional information necessary to deliver those Services and respond to your enquiries; and
8. Feedback information: information you provide to us through surveys.

How do we collect personal information?

We may collect Personal Information about you when You:

1. Access our Services including visit our Interface, download a game, register for an Account or make a purchase or place an order for our digital or physical goods or Services;
2. Communicate with us through correspondence, chats, email, or when you share information with us from other social applications, Services or websites;
3. Make enquiries, report suspicious market activity or submit comments, bug reports, ideas, or other feedback about the Interface and our Services;
4. Connect your compatible Ethereum wallet to the Illuvium Interface, create an Immutable X wallet and connect the Immutable X wallet to the Illuvium Interface, sign a blockchain transaction or otherwise interact with the suite of smart contracts that comprise the Illuvium protocol from time to time;
5. Interact with our Interface, Services, content and advertising; or join a mailing list;
6. Participate in a competition, promotion or survey;
7. Post a review, rating, comment, or other user-generated content on one of our websites or applications; and
8. Invest in Illuvium or enquire as to a potential investment.
9. We may also collect Personal Information when we receive your Personal Information from third parties who legally provide it to us (including further to recruitment activities).

Why do we collect, use and disclose Personal Information?

We may use your Personal Information to:

1. Enable you to access and use our Services;
2. Operate, protect, improve and optimize our Interface and Services, and our users’ experience, such as to perform analytics, conduct research and for advertising and marketing;
3. Send you service, support and administrative messages, reminders, technical notices, updates, security alerts, and information requested by you;
4. Send you marketing and promotional messages and other information that may be of interest to you, including information sent by, or on behalf of, our business partners that we think you may find interesting;
5. Administer rewards, surveys, contests, or other promotional activities or events sponsored or managed by us or our business partners;
6. Comply with our legal obligations, resolve any disputes that we may have with any of our users, enforce our terms and other agreements, or to protect the rights, property or safety of Illuvium DAO participants or others;
7. Consider your employment or other application; and
8. For any other purpose with your consent.

Disclosure of Personal Information

We may disclose Personal Information for the purposes described in this Privacy Policy to:

1. Our personnel and related bodies corporate and their personnel;
2. Third party suppliers and third party service providers, including providers for the operation of our business or in connection with providing our Services to you;
3. Professional advisers, dealers and agents;
4. Payment systems operators (e.g., merchants receiving card payments);
5. Our existing or potential agents, business partners or partners;
6. Our sponsors or promoters of any competition that we conduct via our Services;
7. Anyone to whom our assets or businesses (or any part of them) are transferred;
8. Specific third parties authorized by you to receive information held by us; and/or
9. Other persons, including government agencies, regulatory bodies and law enforcement agencies, or as required, authorized or permitted by law.

International Transfer of Personal Information

We may disclose Personal Information outside of your country of residence to third party suppliers and cloud providers located outside the EU/EEA. We are responsible for putting in place suitable technical, organizational and contractual safeguards to ensure that any transfer is carried out in compliance with applicable data protection rules, except where the country to which the data is transferred has already been determined by the European Commission to provide an adequate level of protection.

Security

We are responsible for designing systems with your security and privacy in mind. We may hold your Personal Information in either electronic or hard copy form. We take reasonable steps to protect your Personal Information from misuse, interference, and loss, as well as unauthorized access, modification, or disclosure. Due to the emerging and uncertain nature of a DAO, the appointment of the Data Representative to own and control the data collected is a necessary step to prevent unauthorized access to your Personal Information. We use a combination of physical, administrative, personnel and technical measures (such as encryption protocols and software) to protect your Personal Information. You are responsible for safeguarding the password that you use to access the Services, whether your password is supplied to us or to a Third-Party Service provider, who in turn supplies it to us. You agree not to disclose Your password to any third party. You must notify us immediately upon becoming aware of any breach of security or unauthorized use of Your Account.

Direct Marketing

We and/or our carefully selected business partners may send you direct marketing communications and information about our Services. This may take the form of emails, SMS, mail, or other forms of communication. You may opt-out of receiving marketing materials by contacting us using the details below or the opt-out facilities provided (e.g., an unsubscribe link).

Your Rights

Subject to Applicable Laws, you are entitled to the following rights:

1. Right to access

   You have the right to obtain confirmation that your Personal Information is processed and obtain a copy of it as well as specific information related to its processing.

2. Right to rectify

   You can request the rectification of Personal Information that is inaccurate or add to it.

3. Right to delete

   You can, in some cases, have your Personal Information deleted.

4. Right to object

   You can object, for reasons relating to your circumstances, to the processing of your Personal Information.

5. Right to limit processing

   In certain circumstances, you have the right to limit the processing of your Personal Information.

6. Right to portability

   You can request to receive your Personal Information in a structured, commonly used, and machine-readable format, or, when this is possible, that we communicate your Personal Information on your behalf directly to another data controller.

7. Right to withdraw your consent

   For processing requiring your consent, you have the right to withdraw your consent at any time; however, exercising this right does not affect the lawfulness of any processing based on your prior consent.

8. Right to set instructions relating to the use of your Personal Data post mortem

   You have the right to define instructions relating to the retention, deletion, and communication of your Personal Information after your death.

9. Right to complain to the relevant data protection authority

Data Retention

We may hold your Personal Information for as long as it is reasonably necessary to enable you to access and use our Services. We may retain your Personal Data wholly or partly for a longer or shorter period under applicable laws or any other lawful reason. The data retention periods may be altered from time to time based on regulatory or other changes.

Cookies

Our Cookies policy is at ANNEXURE C.

Use of third-party software

Our Services may contain links to third-party web sites or services that are not owned or controlled by us, or by Illuvium, or its bodies corporate. We have no control over, and assume no responsibility for, the content, privacy policies, or practices of any third party web sites or services. Cryptocurrency transactions made through the Illuvium Services are facilitated and run through your compatible Ethereum wallets (e.g. MetaMask, a Third-party Extension). Certain non-fungible tokens (NFTs) are transferred and minted using the Immutable X platform (Third-party Platform). Our Services enable access to an Ethereum-based suite of applications allowing users to interact with the smart contracts deployed to the Ethereum blockchain. By using a Third-party Extension, a Third-party Platform, or any other Third-party services to access our Services you agree that you are governed by the terms of service and privacy policy for the applicable Third-party Extension, Third-party Platform, or any other Third-party services. For example: the MetaMask Terms of Service and Privacy Policy are available here and here and the Immutable X Protocol Licence Agreement is available here. You acknowledge and agree that we, together with the Illuvium DAO, its bodies corporate and representatives we shall not be responsible or liable, directly or indirectly, for any damage or loss caused or alleged to be caused by or in connection with the use of or reliance on any such third-party content, goods or services available on or through Third-party Extensions, Third-Party Platforms or Third-party Services. We strongly advise You to read the terms and conditions and privacy policies of any third-party web sites or services that You visit or use.

Links

Our Interface may contain links to websites operated by third parties. Those links are provided for convenience and may not remain current or be maintained. Unless expressly stated otherwise, we are not responsible for the privacy practices of, or any content on, those linked websites, and have no control over or rights in those linked websites. The privacy policies that apply to those other websites may differ substantially from our Privacy Policy, so we encourage you to read them before using those websites.

Making a complaint

If you have concerns about how we have handled your Personal Information, you can contact us using the details below. Please include your name, email address and clearly describe your complaint. We will acknowledge your complaint and respond to you within a reasonable period. If you think we have failed to resolve the complaint satisfactorily we will provide you with information about further steps you can take. You also have the right to contact your local data protection authority.

Contact Us

For questions or requests please contact us at privacy@illuvium.io.

Annexures

ANNEXURE A - SUPPLEMENTARY TERMS - GDPR

Your Rights

Illuvium Labs FZCO is the Data Controller for Personal Data collected in connection with providing our Services. Illuvium Labs FZCO generally collects your Personal Data directly from where you are based and may store it on servers outside the EU or the European Economic Area (EEA), where data protection standards may be lower than in the EU/EEA. We undertake to respect the confidentiality of Your Personal Data and to guarantee You can exercise Your rights under the GDPR. If You are within the EU you have the right under the GDPR to:

1. Access, correct, update or delete the information We have on You: If you are unable to perform these actions yourself, please contact us to assist you.
2. Object to processing of Your Personal Data: This right exists where we are relying on a legitimate interest as the legal basis for our processing and there is something about your particular situation that makes you want to object to our processing of your Personal Data. You also have the right to object where we are processing your Personal Data for direct marketing purposes.
3. Request the transfer of Your Personal Data: We will provide to you, or to a third-party you have chosen, your Personal Data in a structured, commonly used, machine-readable format. Please note that this right only applies to automated information which You initially provided consent for us to use or where we used the information to perform a contract with you.
4. Withdraw Your consent: You have the right to withdraw your consent on using your Personal Data. If you withdraw your consent, We may not be able to provide you with access to certain specific Services or functionalities.

Exercising Your GDPR Data Protection Rights: You may exercise your rights of access, rectification, cancellation and opposition by contacting us by using the information below. Sometimes, we may not be able to provide you with access to all of your Personal Information and, where this is the case, we will tell you why. We may also need to verify your identity when you request your Personal Information. If you think that any Personal Data we hold about you is inaccurate, please contact us and we will take reasonable steps to ensure that it is corrected. You have the right to complain to your relevant Data Protection Authority about our collection and use of your Personal Data. For more information, if you are in the European Economic Area (EEA), please contact your local data protection authority in the EEA.

ANNEXURE B - SUPPLEMENTARY TERMS - CALIFORNIA

Collection of Personal Information

Over the past 12 months, we have collected the personal information from you as provided in the “What Personal Information do we collect?” section in our Privacy Policy. This does not mean that all examples listed above were in fact collected by us, but reflects our good faith belief to the best of our knowledge that some of that information from those examples may have been collected. For example, certain Personal Information would only be collected if you provided such personal information directly to us.

Sources of Personal Information

We obtain the Personal information listed above from the following categories of sources:

• Directly from you, for example, from the forms you complete on our Service, preferences you express or provide through our Service, or from your purchases on or through our Services;
• Indirectly from you, for example, from observing your activity on or through our Services;
• Automatically from you, for example, through cookies we or our Third Party Service Providers set on your device as you navigate our Services; and
• From Third-Party Service Providers, for example, we may use Third-Party services monitor and analyze the use of our Service, to handle payment processing, or to otherwise provide the Services to you.

Use of Personal Information for Business Purposes or Commercial Purposes

We may use or disclose personal information we collect for “business purposes” or “commercial purposes” (as defined under the CCPA) as described herein this Privacy Policy and as described to you when collecting your personal information or as otherwise set forth in the CCPA.

Share of Personal Information

We may share your Personal Information to the entities we have described in this Privacy Policy, including but not limited to the entities listed above in the “To whom do we disclose your Personal Information?” section.

Disclosure of Personal Information for Business Purposes or Commercial Purposes

We may use or disclose and may have used or disclosed in the last 12 months the following categories of personal information for business or commercial purposes:

1. Category A: Identifiers;
2. Category B: Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e));
3. Category C: Protected classification characteristics under California or federal law;
4. Category D: Commercial information; and
5. Category F: Internet or other similar network activity

Please note that the categories listed above are those defined in the CCPA. This does not mean that all examples of that category of personal information were in fact disclosed, but reflects our good faith belief to the best of our knowledge that some of that information from the applicable category may be and may have been disclosed. When we disclose personal information for a business purpose or a commercial purpose, we enter a contract that describes the purpose and requires the recipient to both keep that personal information confidential and not use it for any purpose except performing the contract. There has been no Sale by us of the Personal Information that we have collected from you or may collect from you.

Your Rights under the CCPA

The CCPA provides California residents with specific rights regarding their personal information. If You are a resident of California, You have the following rights:

1. The right to notice

   You have the right to be notified which categories of Personal Data are being collected and the purposes for which the Personal Data is being used.

2. The right to request

   Under CCPA, You have the right to request that we disclose information to you about our collection, use, sale, disclosure for business purposes and share of personal information. Once we receive and confirm your request, we will disclose to you:

   1. The categories of personal information We collected about You;
   2. The categories of sources for the personal information We collected about You;
   3. Our business or commercial purpose for collecting or selling that personal information;
   4. The categories of third parties with whom We share that personal information;
   5. The specific pieces of personal information We collected about You;
   6. The categories of Personal Information we disclosed.

3. The right to delete Personal Data

   You have the right to request the deletion of your Personal Data, subject to certain exceptions. Once we receive and confirm your request, we will delete (and direct our third party service providers to delete) your personal information from our records, unless an exception applies. We may deny your deletion request if retaining the information is necessary for us or our third party service providers to:

   1. Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you;
   2. Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities;
   3. Debug products to identify and repair errors that impair existing intended functionality.
   4. Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law;
   5. Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et. seq.);
   6. Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if You previously provided informed consent;
   7. Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with Us;
   8. Comply with a legal obligation; and
   9. Make other internal and lawful uses of that information that are compatible with the context in which you provided it.

4. The right not to be discriminated against

   You have the right not to be discriminated against for exercising any of your consumer’s rights, including by:

   1. Denying goods or Services to you;
   2. Charging different prices or rates for goods or Services, including the use of discounts or other benefits or imposing penalties;
   3. Providing a different level or quality of goods or Services to you; and
   4. Suggesting that you will receive a different price or rate for goods or Services or a different level or quality of goods or Services.

Exercising Your CCPA Data Protection Rights: California residents may make a request pursuant to your rights under the CCPA by contacting us at privacy@illuvium.io. Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable request related to Your personal information. Your request to us must: provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative; and describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it. We cannot respond to your request or provide you with the required information if we cannot verify your identity or authority to make the request and confirm that the personal information relates to you. We will disclose and deliver the required information free of charge within 45 days of receiving your verifiable request. The time period to provide the required information may be extended once by an additional 45 days when reasonably necessary and with prior notice. Any disclosures we provide will only cover the 12-month period preceding the verifiable request’s receipt. For data portability requests, we will select a format to provide Your personal information that is readily usable and should allow you to transmit the information from one entity to another entity without hindrance.

“Do Not Track” Policy as Required by California Online Privacy Protection Act (CalOPPA)

Our Services do not respond to Do Not Track signals.

Children’s Privacy

Our Services do not address anyone under the age of 13. We do not knowingly collect personally identifiable information from anyone under the age of 13. If you are a parent or guardian and you are aware that your child has provided us with Personal Data, please contact us. If we become aware that we have collected Personal Data from anyone under the age of 13 without verification of parental consent, we take steps to remove that information from our servers. If we need to rely on consent as a legal basis for processing your information and your country requires consent from a parent, we may require your parent’s consent before We collect and use that information.

Your California Privacy Rights (California’s Shine the Light law)

Under California Civil Code Section 1798 (California’s Shine the Light law), California residents with an established business relationship with us can request information once a year about sharing their Personal Data with third parties for the third parties’ direct marketing purposes. If you’d like to request more information under the California Shine the Light law, and if You are a California resident, you can contact us using the contact information provided below.

California Privacy Rights for Minor Users (California Business and Professions Code Section 22581)

California Business and Professions Code section 22581 allows California residents under the age of 18 who are registered users of online sites, services or applications to request and obtain removal of content or information they have publicly posted. To request removal of such data, and if you are a California resident, you can contact us using the contact information provided below, and include the email address associated with your account. Be aware that your request does not guarantee complete or comprehensive removal of content or information posted online and that the law may not permit or require removal in certain circumstances.

Contact Us: For further information about our Privacy Policy or practices, or to access or correct your Personal Information, or make a complaint, please contact us using privacy@illuvium.io.

ANNEXURE C - COOKIES POLICY

How are cookies used?

The web server providing the webpage can store a cookie on the user's computer or mobile device. An external web server that manages files included or referenced in the webpage is also able to store cookies. All these cookies are called http header cookies. Another way of storing cookies is through JavaScript code contained or referenced in that page. Each time the user requests a new page, the web server can receive the values of the cookies it previously set and return the page with content relating to these values. Similarly, JavaScript code is able to read a cookie belonging to its domain and perform an action accordingly. We use “analytics” cookies, which, in conjunction with our web server’s log files, allow us to calculate the aggregate number of people visiting our Interface and which parts of our Interface are most popular. This helps us gather feedback so that we can improve our Interface and better serve our users. We do not generally store any personal information that you provide to us in a cookie. We also use “social media” cookies to personalize your interaction with third-party social media platforms such as Twitter and Facebook, where our Interface uses such features. Such cookies recognize users of these social media sites when you view social media content on our Interface. They also allow you to quickly share content across media, through the use of simple “sharing” buttons.

Types of cookies we use

There are different types of cookies that we use:

• First-party cookies

  These are our own cookies set by our Interface, controlled by us and used to provide information about the usage of our Interface.

• Third-party cookies

  These are cookies from any other domain. We use a number of suppliers that may also set cookies on your device on our behalf when you visit our Interface to allow them to deliver the services they are providing.

Duration of cookies

Cookies that are used on an Interface may be either session cookies or persistent cookies.

• Session cookies

  These are temporary cookies that remain on your device until you leave the Interface.

• Persistent cookies

  These are stored on your hard drive until you delete them or they reach their expiry date. These may, for example, be used to remember your preferences when you use the Interface and recognize you on your return.

What cookies do we use?

We use the following types of cookies:

• Strictly Necessary cookies

  Some cookies are essential for the operation of our Interface. These cookies are essential in helping you to move around our Interface and use the features, such as accessing secure areas of the Interface. We may use Strictly Necessary cookies to:

  • Remember the goods and services you selected when you get to the payment page
  • Identify you as being logged in to the site
  • Provide access to protected areas of a Interface
  • Remember previously entered text so it’s not lost if the page refreshes

  Consent is not required for Strictly Necessary cookies, as they are required for us to provide the services requested by you.

• Performance cookies

  These cookies simply help us improve the way our Interface works. We utilize these cookies to analyze how our visitors use our Interface and to monitor our Interface performance. They tell us how people use each page, which ones are most commonly viewed, or whether any errors occurred. This allows us to provide a high-quality experience and quickly identify then fix any issues that arise. We may use Performance cookies to:

  • Store preferences to see which method of linking between pages is most effective
  • Enable web analytics to provide anonymous statistics on how our Interface is used
  • To assist with error management in helping us improve the Interface by measuring any errors that occur
  • Monitor ad response rates and see how effective our adverts are

  You can delete or manage Performance cookies as instructed in the last section of this Cookie Policy.

• Functionality cookies

  We use Functionality cookies to allow us to remember your preferences. For example, we may store your geographic location in a cookie to ensure that we show you our Interface localized for your area. We also use Functionality cookies to provide you with enhanced services such as allowing you to watch a video online or comment on a blog. We may use Functionality cookies to:

  • Remember settings you have applied such as layout, colors, font sizes and page backgrounds
  • Remember if we’ve already asked you if you want to fill in a survey
  • Detect if you have already seen a pop-up to ensure it doesn't get shown to you again
  • Process a request from a user to submit a comment or blog or forum post

  If you delete these Functionality cookies, any preferences or settings you selected will not be retained for later visits.

• Targeting cookies

  These cookies help us make sure the adverts you see on our Interface are relevant to you and your interests. Cookies may be placed on your device by our third-party service providers, which remember that you have visited an Interface in order to provide you with targeted adverts which are more relevant to you. However, we do not tell our advertisers who you are. We may use Targeting cookies to:

  • Collect information about browser habits to target advertising
  • Collect information about browser habits to target Interface content
  • Provide links to social networks like Facebook
  • Provide advertising agencies with information on your visit so that they can present you with adverts you may be interested in

How to manage your cookies

Most Internet browsers are initially set up to automatically accept cookies. Unless you have adjusted your browser settings to refuse cookies, our system will issue cookies when you direct your browser to our Interface. You can refuse to accept cookies by activating the appropriate setting on your browser. Please be aware that restricting the use of cookies may impact on the functionality of our Interface and you may be unable to access certain parts of our Interface. If you use different devices to access our Interface (e.g. your computer, mobile) you will need to ensure that each browser on each device is adjusted to suit your cookie preferences. Mobile phone users may have to refer to their handset manual for details on how to block cookies using their mobile browser.

Consent to Use of Cookies on our Interface

By continuing to use our Interface, you are deemed to consent to our use of the cookies described in this Policy. If you do not consent to our Cookie Policy, then please read the next section of this policy entitled “Blocking Our Use of Cookies.”

Blocking Use of Our Cookies

You as a user have the right to decline the use of cookies during your visit to our site. Whilst this is your right, it may result in you not being able to use all of the functionality of our Interface. You can block our use of cookies by activating the settings in your browser. In order to use certain services offered through our Interface, your web browser must accept cookies. If you choose to withhold consent, or subsequently block cookies, some aspects of the Interface may not work properly and you may not be able to access all or part of our Interface. The Help feature on most browsers will tell you how to prevent your browser from accepting new cookies, how to have the browser notify you when you receive a new cookie and how to disable cookies altogether. Additionally, you can disable or delete similar data used by browser add-ons, such as Flash cookies, by changing the add-ons settings or visiting the Interface of its manufacturer.

Links

This Cookie Policy does not cover the links within this site linking to other websites. We encourage you to read the privacy statements on the other websites you visit.

ANNEXURE D - GOOGLE LIMITED DISCLOSURE