by us, OneGrid. It provides you, as a user of the website, with details about the personal data we collect from you, how we use it and your rights to control personal data we hold about you. Any future updates will be posted on this page.1. Who we are
OneGrid is a limited liability company organised under the laws of Belgium having its registered offices at Carnegielaan 37, 3500 Hasselt ("OneGrid", "us" or "we"). As data controller, we respect your right to privacy and will only process personal data you provide to us in accordance with applicable data protection laws and as described in this policy. Applicable data protection laws include (i) the General Data Protection Regulation (Regulation 2016/679) (“GDPR”); and (ii) all other existing or new applicable laws relating to or impacting on the processing of personal data of a living person and privacy.
If you have any questions, you can contact us by writing to the above address or by sending an e-mail to email@example.com
.2. The personal data we collect about you and the purposes for which we collect it
Below you will find an overview of:
- the categories of personal data that we (or third party data processors acting on our behalf may collect - for further information on data processors acting on our behalf, see below under point 3), use and store about you;
- the purposes for which this data would be collected;
- the legal basis for processing.
Categories of personal data
Purpose(s) for processing
Legal basis for processing
Profile info (username, profile picture, personal description)
Allow users to publicly share info about themselves
Contact details (name, surname, e-mail address, location)
Payment of an NFT Allowing you to enter into a contract (Connecting Buyers to Sellers)
Article 6.1 (b) GDPR – necessary for the performance of a contract
Account details (wallet address, email address)
Allowing you to enter into a contract (Connecting Buyers to Sellers)
Article 6.1 (b) GDPR – necessary for the performance of a contract; or necessary to entering into a contract
Wallet details (bank details, Wallet details)
Payment of an NFT Invoicing and accounting purposes
Article 6.1 (b) GDPR – necessary for the performance of a contract
Details of your visits to our Platform and the information that you access
a) Correct performance of our Platform b) Improving our Platform and services c) Analysing and identifying the regularity of the use of our Platform
Article 6.1 (b) GDPR – necessary for the performance of a contract & Article 6.1 (a) GDPR – your consent (to cookies – see our Cookies Policy)
Browser and operating system data (including IP address)
Correct performance of our Platform: assessing the security and stability of our Platform, ensuring its comfortable and correct use
Article 6.1 (b) GDPR – our legitimate interests to improve our services and to give quality services
referred to as CookieFirst.
When you access our website, a connection is established with CookieFirst’s server to give us the possibility to obtain valid consent from you to the use of certain cookies. CookieFirst then stores a cookie in your browser in order to be able to activate only those cookies to which you have consented and to properly document this. The data processed is stored until the predefined storage period expires or you request to delete the data. Certain mandatory legal storage periods may apply notwithstanding the aforementioned.
We have concluded a data processing agreement with CookieFirst. This is a contract required by data protection law, which ensures that data of our website visitors is only processed in accordance with our instructions and in compliance with the GDPR.Server log files
Our website and CookieFirst automatically collect and store information in so-called server log files, which your browser automatically transmits to us. The following data is collected:
- Your consent status or the withdrawal of consent;
- Your anonymised IP address;
- Information about your Browser;
- Information about your Device;
- The date and time you have visited our website;
- The webpage url where you saved or updated your consent preferences;
- The approximate location of the user that saved their consent preference;
- A universally unique identifier (UUID) of the website visitor that clicked the cookie banner.
3. How we share your personal data and who we share it with
We will not sell, rent or otherwise disclose your personal data to any third party, except as described in this policy.
3.2 Subsidiaries/affiliated companies and third party processors
We may provide your personal data to third party processors to process personal data on our behalf for the purposes set out above. These parties are required to process such information based on our instructions and in accordance with this policy.
The third party providers to whom we may disclose your personal data are: Stripe, Crossmint, Torus Labs, Thirdweb.
3.3 Compliance with laws and legal proceedings
We may disclose your personal data where:
- we are required to do so by applicable law, by a governmental body or by a law enforcement agency;
- to establish or exercise our legal rights or defend against legal claims;
3.4 Other recipients
We may also disclose your personal data to the artist or creator of whom you directly purchased a digital asset.
4. How long do we keep your personal data?
We will hold your personal data as long as it is necessary to comply with our legal obligations (including bookkeeping, social and tax obligations) or to resolve disputes and/or enforce our agreements.
5. International transfers
In connection with the above-mentioned purposes, we try to avoid as much as possible the transfer of personal data that we collect from you to third party data processors located outside the European Economic Area.
When we transfer personal data that we collect from you to third party data processors located in countries that are outside of the European Economic Area and which do not offer an adequate level of protection, we ensure the use of appropriate data transfer tools such as the entering into of the standard contractual clauses issued by the European Commission. You may always e-mail us at firstname.lastname@example.org
for further information about this.
[You acknowledge and agree – via the appropriate checkboxes on the Platform – that your wallet address, your e-mail address, and your optional provided profile info may be visible to other users that may be located in countries outside of the EEA and which do not offer an adequate level of protection.]6. Security
We take appropriate technical and organisational measures to safeguard the personal data that you provide to us against unauthorized or unlawful processing and against accidental destruction, loss or damage.7. Your rights
You have the following rights as a data subject:
- the right to access to personal data that we hold about you;
- the right to ask us to update or correct any out-of-date or incorrect personal data that we hold about you;
- where the processing is based on your consent, the right to withdraw consent at any given time, without affecting the lawfulness of processing based on consent before its withdrawal;
- the right to erasure where the conditions of article 17 of the GDPR have been met;
- the right to restriction of processing where the conditions of article 18 of the GDPR have been met;
- the right to data portability insofar the conditions of article 20 GDPR apply to you;
- the right to object to processing of personal data concerning you, insofar the conditions under article 21 GDPR have been met; and
- the right to opt out of any direct marketing communications that we (with your consent) may send you.
You can exercise these rights at any given time by emailing us at email@example.com
. You also have the right to lodge a complaint with the Data Protection Authority, by post to 35 Rue de la Presse, B-1000 Brussels, by e-mail to firstname.lastname@example.org, or by telephone at +32 2 274 48 00.
Last updated on [Sept. 8, 2023]