Date of issuance: September 19, 2022
OpenTheta AG, a Swiss company established in Baar, Zug, Enterprise Identification Number (UID) CHE- 232.576.191 (“OpenTheta”, “we”, “us” or “our”) is committed to protecting your privacy. We have prepared this Privacy Policy to describe to you our practices regarding the Personal Data (as defined below) we collect, use, and share in connection with your visit and/or access to and use of the OpenTheta NFT Marketplace, including any content, functionality, and service offered on or through the OpenTheta NFT Marketplace (collectively, the “Service”) located at https://opentheta.io.
BY ACCESSING THE SERVICE YOU UNDERSTAND AND AGREE THAT YOUR PERSONAL DATA IS COLLECTED AND PROCESSED BY OPENTHETA.
PLEASE READ THIS POLICY CAREFULLY TO UNDERSTAND OUR POLICIES AND PRACTICES REGARDING YOUR PERSONAL DATA.
OpenTheta uses privacy by default standards and undertakes to store such Personal Data in a secured manner and to Process it with all appropriate care and attention in accordance with the Data Protection Laws.
Capitalized terms defined in the Terms of Use available at the following address https://opentheta.io/terms apply to this Privacy Policy.
In these Terms of Service, the following capitalised terms will have the following meanings:
OpenTheta provides this Privacy Policy to the User in order to describe our policies and procedures regarding the Processing and Disclosure of Personal Data collected by us in connection with with your visit and/or access to and use of the OpenTheta NFT Marketplace. It details the conditions at which, we may collect, keep, use, and save information that relates to you, as well as the choices that you have made in relation to the collection, utilization, and Disclosure of your Personal data.
By your visit and/or access to and use of the OpenTheta NFT Marketplace you acknowledge that:
(i) OpenTheta may collect and process a certain number of Personal Data that relate to them,
(ii) OpenTheta is free to use such Personal Data within the limits provided by law, especially Data Protection Laws and this Privacy Policy,
(iii) You have read and understood this Privacy Policy,
(iv) You agree to be bound by this Privacy Policy, and
(v) You agree to comply with all applicable laws and regulations in respect to matters covered by this Privacy Policy.
IF YOU DO NOT AGREE WITH THE TERMS OF THIS PRIVACY POLICY, PLEASE REFRAIN FROM VISITING AND/OR ACCESSING TO AND USING OF THE OPENTHETA NFT MARKETPLACE.
While Processing Personal Data, OpenTheta will always respect the following general principles:
The Data subject must be informed of how his/her Personal Data is Processed.
When the Personal Data is collected, the Data subject must be informed of:
Personal Data Processed by OpenTheta should be adequate and relevant to the purpose for which it was collected. This requires ensuring that the types of Personal Data collected are not excessive but proportionate to the purposes.
When Processing Personal Data, the individual rights of the Data Subjects must be protected. Personal Data shall be Processed lawfully, in a fair manner and in good faith.
Personal Data shall be collected directly from the concerned Data Subject and the Consent of the said Data Subject shall be required before such collection and further Processing. The Consent must be obtained in writing or electronically, for the purposes of documentation. The Consent is valid only if given voluntarily. If, for any reason, the Consent of the Data Subject was not obtained before collection and/or Processing, it shall be obtained in writing as soon as possible after the beginning of such Processing.
THE CONSENT FOR THE PROCESSING OF PERSONAL DATA IS GIVEN OR REITERATED:
PERSONAL DATA CAN BE PROCESSED WITHOUT CONSENT IF IT IS NECESSARY TO ENFORCE A LEGITIMATE INTEREST OF OPENTHETA. LEGITIMATE INTERESTS ARE GENERALLY OF A LEGAL (E.G. FILING, ENFORCING OR DEFENDING AGAINST LEGAL CLAIMS) OR FINANCIAL (E.G. VALUATION OF COMPANIES) NATURE.
THE PROCESSING OF PERSONAL DATA IS ALSO PERMITTED IF NATIONAL LEGISLATION REQUESTS, REQUIRES OR ALLOWS THIS.
Personal Data kept on file must be correct and if necessary, kept up to date. Inaccurate or incomplete Personal Data shall not be kept on file and deleted.
We collect both Personal Data and Anonymous Data during your visit and/or access to and use of the OpenTheta NFT Marketplace as described below:
(i) When you access and use the Service, update your account profile, or contact us, we may collect Personal Data from you, such as email address, first and last name, username, profile picture, biography, social media information and other information you provide. We also collect your blockchain address, which may become associated with Personal Data when you use and access the Service.
(ii) If you provide us with feedback or contact us, we will collect your name and contact information, as well as any other content included in the message.
(iii) We may also collect Personal Data at other points in the Service where you voluntarily provide it or where we state that Personal Data is being collected.
As you visit, navigate through and interact with the Service, we may use automatic data collection technologies to collect certain information about your equipment, browsing actions, and patterns, including:
(i) Information Collected by Our Servers. To provide the Service and make it more useful to you, we (or a third party service provider) collect information from you, including, but not limited to, your browser type, operating system, Internet Protocol (“IP”) address, mobile device ID, blockchain address, wallet type, and date/time stamps.
(ii) Log Files. As is true of most websites and applications, we gather certain information automatically and store it in log files. This information includes IP addresses, browser type, Internet service provider (“ISP”), referring/exit pages, operating system, date/time stamps, and clickstream data. We use this information to analyze trends, administer the Service, track Users’ movements around the Service, and better tailor our Services to our Users’ needs. For example, some of the information may be collected so that when you visit the Service, it will recognize you and the information can be used to personalize your experience.
(iii) Cookies. Like many online services, we use cookies to collect information. We may use both session Cookies (which expire once you close your web browser) and persistent Cookies (which stay on your computer until you delete them). A Cookie is a piece of information that is placed automatically on your electronic device’s hard drive when you visit and/or access and use the Service. The Cookie uniquely identifies your browser to the server. Cookies allow us to store information on the server (for example language preferences, technical information, click or path information etc.) to help make the Web experience better for you and to conduct website analysis and website performance review. Most Web browsers are set up to accept cookies, although you can reset your browser to refuse all cookies or to indicate when a cookie is being sent. Note, however, that some portions of the website may not work properly if you refuse cookies.
(iv) Pixel Tag. In addition, we use “Pixel Tags” (also referred to as clear Gifs, Web beacons, or Web bugs). Pixel Tags allow us to analyze how Users find our Service, make the Service more useful to you, and tailor your experience with us to meet your particular interests and needs.
(v) Not Track Signals. Our systems do not currently recognize “do not track” signals or other mechanisms that might enable Users to opt out of tracking on our site.
(vi) Google Analytics. In addition to the tracking technologies we place like Cookies and Pixel Tags, other companies may set their own cookies or similar tools when you visit and/or access and use the Service. This includes third-party Internet website analytics services like Google Analytics supplied by Google Inc. (“Google”). Google uses cookies which are text files placed on your computer in order to help analyze how Users use the Service. The data generated by the cookies concerning your use of the Service (including your IP address) will be forwarded to, and stored by, Google on servers located outside of Switzerland. Google will use this information to evaluate your use of the Service, compile reports on site activity for its publisher and provide other services relating to the activity of the Service and the use of the internet. Google may release these data to third parties if there is a legal obligation to do so or when the third parties process these data for the account of Google. Google will not cross-reference your IP address with any other data held by Google.
You may deactivate the use of cookies by selecting appropriate parameters on your navigator. However, deactivation of this kind might prevent the use of certain functions of the Service. By visiting and/or accessing and using the Service, you specifically Consent to the Processing of your Personal Data by Google under the conditions and for the purposes described above.
We may receive Personal Data and/or Anonymous Data about you from companies that offer their products and/or services for use in conjunction with the Service or whose products and/or services may be linked from the Service. For example, third-party wallet providers provide us with your blockchain address and certain other information you choose to share with those wallets providers. We may add this to the data we have already collected from or about you through the Service.
We collect data from activity that is publicly visible and/or accessible on the Theta Blockchain. This may include blockchain addresses and information regarding purchases, sales, or transfers of NFTs, which may then be associated with other data you have provided to us.
Please note that not all the uses decribed below will be relevant to every User.
Generally, we process your Personal Data to run our business, provide the Service, personalize your experience on the Service, and improve the Service. Specifically, we use your Personal Data to:
(i) facilitate the creation of and secure your account;
(ii) identify you as a user in our system;
(iii) provide you with the Service, including, but not limited to, helping you view, explore, and create NFTs using our tools and, at your own discretion, connect directly with others to purchase, sell, or transfer NFTs on the Theta Blockchain;
(iv) improve the administration of the Service and quality of experience when you interact with the Service, including, but not limited to, by analyzing how you and other Users find and interact with the Service;
(v) provide customer support and respond to your requests and inquiries;
(vi) investigate and address conduct that may violate our Terms of Service;
(vii) detect, prevent, and address fraud, violations of our terms or policies, and/or other harmful or unlawful activity;
(viii) display your username next to the NFTs currently or previously accessible in your third-party wallet, and next to NFTs on which you have interacted;
(ix) send you a welcome email to verify ownership of the email address provided when your account was created;
(x) send you administrative notifications, such as security, support, and maintenance advisories;
(xi) send you notifications related to actions on the Service, including notifications of offers on your NFTs;
(xii) send you newsletters, promotional materials, and other notices related to the Service or third parties' goods and services;
(xiii) respond to your inquiries related to employment opportunities or other requests;
(xiv) comply with applicable laws, cooperate with investigations by law enforcement or other authorities of suspected violations of law, and/or to pursue or defend against legal threats and/or claims; and
(xv) act in any other way we may describe when you provide the Personal Data.
We may create Anonymous Data records from Personal Data and use this Anonymous Data to analyze request and usage patterns so that we may improve the Service and enhance Service navigation. We reserve the right to use Anonymous Data for any purpose and to disclose Anonymous Data to third parties without restriction.
We disclose your Personal Data as described below and as described elsewhere in this Privacy Policy.
In any case where cross-border transfer is done, OpenTheta ensures that an adequate protection is guaranteed for Personal Data to be transferred outside of Switzerland and the EEA by applying the Standard Contractual Clauses as made available by the European Commission and approved for use by the Swiss Data Protection Authority. These Standard Contractual Clauses will ensure an adequate level of protection abroad.
Unless otherwise stated, the third parties who receive data from us are prohibited to use this Personal Data beyond what is necessary to provide the product or service to you, directly or by participating to OpenTheta’s activities.
We may share your Personal Data with third party service providers to: provide technical infrastructure services; conduct quality assurance testing; analyze how the Service is used; prevent, detect, and respond to unauthorized activities; provide technical and customer support; and/or to provide other support to us and to the Service.
We may share some or all of your Personal Data with any subsidiaries, joint ventures, or other companies under our common control (“Affiliates”), in which case we will require our Affiliates to honor this Privacy Policy.
We may share some or all of your Personal Data in connection with or during negotiation of any merger, financing, acquisition, or dissolution transaction or proceeding involving sale, transfer, divestiture, or disclosure of all or a portion of our business or assets. In the event of an insolvency, bankruptcy, or receivership, Personal Data may also be transferred as a business asset. If another company acquires our company, business, or assets, that company will possess the Personal Data collected by us and will assume the rights and obligations regarding your Personal Data as described in this Privacy Policy.
We may also disclose your Personal Data: to fulfill the purpose for which you provide it; for any other purpose disclosed by us when you provide it; or with your consent.
The Service may contain links to third-party websites. When you click on a link to any other website or location, you will leave the Service and go to another website, and another entity may collect Personal Data from you. We have no control over, do not review, and cannot be responsible for these third-party websites or their content. Please be aware that the terms of this Privacy Policy do not apply to these third-party websites or their content, or to any collection of your Personal Data after you click on links to such third-party websites. We encourage you to read the privacy policies of every website you visit. Any links to third-party websites or locations are for your convenience and do not signify our endorsement of such third parties or their products, content, or websites.
To access and use the Service, you must use a third-party wallet (e.g. MetaMask) which allows you to engage in transactions on the Theta Blockchain. Your interactions with any third-party wallet provider are governed by the applicable terms of service and privacy policy of that third party. Under no circumstances OpenTheta shall be liable for the utilization of these other third-party wallet applications, especially regarding to the data protection rules.
Your Personal Data will be stored in Europe. You agree that we may store your Personal Data in any country of the EEA, including Switzerland. Accordingly, your Personal Data may be stored at a destination outside of your country of residence. Where permitted by law, by accepting this Privacy Policy, you agree to such.
You also agree that Processing may lead to your Personal Data being transferred and stored to countries offering a lower level of protection than your country of residence. In any such case, OpenTheta ensures that an adequate protection is guaranteed for Personal Data to be transferred outside of Switzerland and the EEA by applying the Standard Contractual Clauses as made available by the European Commission and approved for use by the Swiss Data Protection Authority. These Standard Contractual Clauses will ensure an adequate level of protection abroad.
In accordance with applicable laws, we will use your Personal Data for as long as necessary to satisfy the purposes for which your Personal Data was collected or to comply with applicable legal requirements.
OpenTheta applies high industry standards and will always apply adequate technical and organisational measures, in accordance with applicable laws to ensure that your data is kept secure.
In the event of a Personal Data breach, we shall without undue delay, and where feasible, not later than 72 hours after having become aware of it, notify the breach to the competent supervisory authority, unless said breach is unlikely to result in a risk to your rights and freedoms. If the breach is likely to result in a high risk to your rights and freedoms, we shall communicate this breach to you, if it is feasible, without undue delay.
You have the right to request access to or information about the Personal Data relating to you which are processed by us.
Where provided by law, you, your successors, representatives and/or proxies may (i) request deletion, correction or revision of your Personal Data; (ii) oppose the data Processing; (iii) limit the use and Disclosure of your Personal data; and (iv) revoke Consent to any of our data Processing activities, if OpenTheta is relying on your Consent and does not have another legal basis to continue Processing your data.
These rights can be exercised by contacting us through our contact form or writing to us at [email protected] with an attached copy of your ID. If the request is submitted by a person other than you, without providing evidence that the request is legitimately made on your behalf, the request will be rejected.
The request is free of charge unless your request is unfounded or excessive (e.g. if you have already requested such Personal Data multiple times in the last twelve months or if the request generates an extremely high workload). In such case, we may charge you a reasonable request fee according to applicable laws.
We may refuse, restrict, or defer the provision of Personal Data where it has the right to do so, for example if fulfilling the request will adversely affect the rights and freedoms of others.
You have the right to receive your Personal data, which you have provided to us, in a structured, commonly used, and machine-readable format. Furthermore you have the right to transmit those data to another controller without hindrance from OpenTheta.
This right can be exercised by contacting us through our contact form or writing to us at [email protected] with an attached copy of your ID. If the request is submitted by a person other than you, without providing evidence that the request is legitimately made on your behalf, the request will be rejected.
The request is free of charge unless your request is unfounded or excessive (e.g. if you have already requested such Personal Data multiple times in the last twelve months or if the request generates an extremely high workload). In such case, we may charge you a reasonable request fee according to applicable laws.
We may refuse, restrict or defer the provision of Personal Data where it has the right to do so, for example if fulfilling the request will adversely affect the rights and freedoms of others.
We will, both at the time of the determination of the means for Processing and at the time of the Processing itself, implement appropriate technical and organizational measures, such as pseudonymization, which are designed to implement data-protection principles, such as data minimization, in an effective manner and to integrate the necessary safeguards into the Processing in order to meet the requirements of the Data Protection Laws and to protect your rights.
We will implement appropriate technical and organizational measures for ensuring that, by default, only Personal Data which is necessary for each specific purpose of the Processing is processed. This obligation applies to the amount of your Personal Data we collect, the extent of their Processing, the period of storage and their accessibility. These measures will ensure that by default your Personal Data is not made accessible without your intervention to an indefinite number of third parties.
The Data Controller is:
OpenTheta AG
Sihlbruggstrasse 140
6340 Baar
Switzerland
We will answer any questions or concerns you may have about your Personal Data. You can get in touch with us via the postal address or email address stated in Section 20 (Contact).
OpenTheta’s representative in the EU for the purposes of the General Data Protection Regulation is Dr.iur Andreas Gmuender, ChFP who can be contacted at [email protected]. Last but not least and in any case you have the right to make a complaint if you think your Personal Data has been mishandled or if we have failed to meet your expectations. You are encouraged to contact us about any concerns or complaints, but you are entitled to complain directly to the relevant supervisory authority.
The most current version of this Privacy Policy will be made available on the OpenTheta NFT Marketplace located at https://opentheta.io/privacy.
We may modify this Privacy Policy from time to time. If a modification reduces your rights, a pop-up window will inform you immediately upon your visit and/or access to and use of the Service, and you will have to accept such changes before further use.
This Privacy Policy and any questions relating thereto shall be governed by the laws of Switzerland, to the exclusion of any rules of conflict resulting from private international law.
Any dispute relating to this Privacy Policy must exclusively be brought before the courts of Zug, subject to an appeal to the Swiss Federal Court.
To ask questions or make comments on this Privacy Policy or to make a complaint about our compliance with applicable privacy laws, please contact us through:
We will acknowledge and investigate any complaint pursuant to this Privacy Policy