1.1. Your privacy is important to us. It is Hash’s policy to respect your privacy regarding any information we may collect from you across our website, data tool and other sites we own and operate.
2. Purpose of processing
2.1. The Provider’s Platform allows the collection and processes of the customer’s Personal Data for the following purposes:
2.1.1. Customer’s ability to service its clients and management of the relationship with the data subjects;
2.1.2. for provision of information, assistance, and services requested;
2.2. Personal Data may only be processed for specified and explicitly stated purposes and may not be subsequently processed for any purpose that goes beyond these purposes. It is understood that the Provider will not disclose Personal Data to third parties unless requested by law enforcement agencies.
3. Legal basis for processing
3.1. We will process your personal information lawfully, fairly and in a transparent manner. We collect and process information about you only where we have legal bases for doing so.
3.2. These legal bases depend on the services you use and how you use them, meaning we collect and use your information only where:
3.2.1. it’s necessary for the performance of a contract to which you are a party or to take steps at your request before entering into such a contract (for example, when we provide a service you request from us);
3.2.2. it satisfies a legitimate interest (which is not overridden by your data protection interests), such as for research and development, to market and promote our services, and to protect our legal rights and interests;
3.2.3. you give us consent to do so for a specific purpose (for example, you might consent to us sending you our newsletter); or
3.2.4. we need to process your data to comply with a legal obligation.
3.3. Where you consent to our use of information about you for a specific purpose, you have the right to change your mind at any time (but this will not affect any processing that has already taken place).
3.4. We don’t keep personal information for longer than is necessary. While we retain this information, we will protect it within commercially acceptable means to prevent loss and theft, as well as unauthorized access, disclosure, copying, use or modification. That said, we advise that no method of electronic transmission or storage is 100% secure and cannot guarantee absolute data security. If necessary, we may retain your personal information for our compliance with a legal obligation or in order to protect your vital interests or the vital interests of another natural person.
4. Collection and use of use of information
4.1. We may collect, hold, use and disclose information for the following purposes and personal information will not be further processed in a manner that is incompatible with these purposes: to provide you with our platform’s core features; to enable you to access and use our website, associated applications and associated social media platforms; to contact and communicate with you; for internal record keeping and administrative purposes; and to comply with our legal obligations and resolve any disputes that we may have.
5. Disclosure of personal information to third parties
5.1. We may disclose personal information to:
5.1.1. Our employees, contractors and/or related entities;
5.1.2. Courts, tribunals, regulatory authorities and law enforcement officers, as required by law, in connection with any actual or prospective legal proceedings, or in order to establish, exercise or defend our legal rights,
5.1.3. and third parties to collect and process data.
6. Security measures
6.1. The Provider processes only Customer’s Personal Data either with or without electronic tools and in any case in compliance with the security requirements requested by applicable laws. To this end, the Provider has taken appropriate technical and organizational security measures to protect Personal Data from unauthorized access, amendment, dissemination, or destruction.
7. Your rights and controlling your personal information
7.3. Restrict: You may choose to restrict the collection or use of your personal information. If you have previously agreed to us using your personal information for direct marketing purposes, you may change your mind at any time by contacting us using the details below. If you ask us to restrict or limit how we process your personal information, we will let you know how the restriction affects your use of our website or products and services.
7.4. Access and data portability: You may request details of the personal information that we hold about you. You may request a copy of the personal information we hold about you. Where possible, we will provide this information in CSV format or other easily readable machine format. You may request that we erase the personal information we hold about you at any time. You may also request that we transfer this personal information to another third party.
7.5. Correction: If you believe that any information we hold about you is inaccurate, out of date, incomplete, irrelevant or misleading, please contact us using the details below. We will take reasonable steps to correct any information found to be inaccurate, incomplete, misleading or out of date.
7.6. Notification of data breaches: We will comply laws applicable to us in respect of any data breach.
7.7. Complaints: If you believe that we have breached a relevant data protection law and wish to make a complaint, please contact us using the details below and provide us with full details of the alleged breach. We will promptly investigate your complaint and respond to you, in writing, setting out the outcome of our investigation and the steps we will take to deal with your complaint. You also have the right to contact a regulatory body or data protection authority in relation to your complaint.
7.8. Unsubscribe: To unsubscribe from our e-mail database or opt-out of communications (including marketing communications), please contact us using the details below or opt-out using the opt-out facilities provided in the communication.
8. Data protection
8.1. HASH shall maintain policies, procedures, physical and technological measures to protect the information of the Customer. The Customer acknowledges that its information, documentation and communication with the Provider may be generated, received and stored centrally in electronic and / or hard copy format and that data is maintained on servers which may be located within or outside the Cayman Islands including countries which may not have the same data protections as may be in force in the Cayman Islands. This data may be accessed by other employees or officers within the Provider’s organization but not by third parties and the Company accepts that it is necessary for the performance of the services to be provided by the Provider under this Agreement that the Customer’s data is handled in this manner. The Customer will ensure that any data supplied in respect of any of its employees, officers or affiliates is given with the consent and acceptance of such employee, officer member or affiliate.
8.2. Any party to this Agreement (“Receiving Party”) undertakes that it shall treat as confidential and private, shall protect and secure and shall not at any time use, provide, disclose, divulge or communicate to any person, any and all tax, accounting, legal, business and other records, correspondence, documents, information, data (including e-mails) that the other party to the Agreement, and its principals, representatives, employees, officers, affiliates, professional advisors, service providers or agents (“Disclosing Party”) provided, disclosed or communicated to it, also before the date of this Agreement unless the Confidential Information:
8.2.1. Demonstrably is or was known to the Receiving Party prior to the commencement date not as a result of breach of any of the Receiving Party’s or the person’s that provided, disclosed or communicated it to the Receiving Party duty, obligation or applicable law;
8.2.2. Demonstrably is or was in the public domain or public knowledge not as a result of breach of this Agreement, any other obligation, duty or the applicable law;
8.2.3. Is disclosed as required by law or order of any court, tribunal, or judicial equivalent or pursuant to any direction, request or requirements (whether or not having the force of law) of any governmental, supervisory, or other regulatory body or authority (provided that, if legally permissible, the Receiving Party will promptly inform the Disclosing Party of any such order, direction, request or requirement prior to disclosing any information); and
8.2.4. Was disclosed to the Receiving Party’s principals, representatives, employees, officers, affiliates, professional advisors, service providers or agents for the purposes and to the extent of meeting obligations or fulfilling statutory duties of the Receiving Party under or in relation to this Agreement, provided the Receiving Party procures prior to the respective disclosure that the Receiving Party’s principals, representatives, employees, officers, affiliates, professional advisors, service providers or agents are in each case bound by the duty or obligation of confidentiality to the same extent as the Receiving Party under this Agreement.
8.3. The Disclosing Party will ensure, and it is deemed to be understood and relied upon by the Receiving Party, that any Confidential Information provided by the Disclosing Party to the Receiving Party in relation to its principals, affiliates, members, shareholders, beneficial owners, directors, officers, employees and agents is and has been provided with their consent and acceptance (if necessary).
9. Data protections obligations
9.1. This clause includes Data Protection Legislation (DP Legislation), General Data Protection Regulation (EU 2016/679) and legislation that amends, re-enacts or replaces it, as well as any other applicable data privacy laws or regulations including applicable local legislation.
9.2. This clause further applies to data subject to DP Legislation provided to HASH by the Customer or on the Customer’s behalf in connection with the Services.
9.3. HASH shall be entitled to generate, collect, receive, transfer, disclose, process, and store all documents, materials, content and other information relating to the business, financial position or state of affairs of the Customer (the “Data”) within or outside the Cayman Islands or in other jurisdictions whether or not the Provider has a presence in such jurisdictions, including jurisdictions which may not have equivalent data protection requirements to the Cayman Islands. The Customer hereby explicitly consents to the transfer of all Data into and out of any such jurisdictions. The Provider shall be entitled to disclose the provision of the Services to the extent necessary in the normal course of business of the Customer or where disclosure is required by any law, order of court or pursuant to any direction, request or demand made by any Governmental, legal, judicial or regulatory body.
9.4. In Relation to Personal Data and where necessary to enable the Provider to deliver the Services, for such purposes HASH shall have the Customer’s authority to process personal data on its behalf and in accordance with this clause. HASH shall otherwise act on the Customer’s instructions when processing its personal data, save as required by law or the order of competent court or tribunal. When HASH does so, appropriate technical and organisational measures designed to protect against unauthorised or unlawful processing of personal data and against accidental loss, destruction of, alteration of, or damage to, personal data, including obligations as they exist under the Data Protection Law of the Cayman Islands will be taken. The HASH shall answer the Customer’s reasonable enquiries to enable it to monitor compliance with this clause. In making personal data available to the Provider, the Customer confirms that it has complied with applicable laws. In this clause, personal data means any information relating to a living individual (i.e. not an organisation or company) that can reasonably be linked to that individual or identifiable natural person.
9.5. The Customer warrants and represents that it has any necessary consent, provided any necessary notice and done all other things required under the DP Legislation to disclose Personal Data to the Provider in connection with the Services. The Provider shall act as a Controller and perform the Services in accordance with the DP Legislation.
9.6. The Customer will take appropriate technical and organizational steps to protect against unauthorized or unlawful processing of Personal Data and accidental loss or destruction of, or damage to Personal Data.
9.7. The HASH shall process the personal as reasonably required:
9.7.1.To provide the Services;
9.7.2. For the Customer’s reasonable business purposes; and
9.7.3. To meet the Customer’s legal and regulatory obligations.
9.8. The HASH shall notify the Customer promptly and to the extent permitted by law:
9.8.1. Upon receiving a request for Personal Data or other request from a data subject, or if the Provider receive any claim, complaint or allegation relating to the processing of the Personal Data; and
9.8.2. Upon becoming aware of any breach of security leading to the destruction, loss or unlawful disclosure of the Personal Data in the company’s possession or control.
9.9. Upon request, and to the extent permitted by law, each Party shall provide the other with information relating to its processing of Personal Data as reasonably required for the other to satisfy its obligations under DP Legislation.
10. Limits of our policy
10.1. Our website may link to external sites that are not operated by us. Please be aware that we have no control over the content and policies of those sites, and cannot accept responsibility or liability for their respective privacy practices.
11. Changes to this policy
Dated: 15 November 2021